LOW
GHSA-752x-23hp-jmv6
Concrete CMS is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/page/bulk/delete
Details
Concrete CMS 9 through 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/page/bulk/delete.
Are you affected?
Enter the version of the package you're using.
Affected packages
Packagist / concrete5/concrete5
Introduced in:
9.0.0RC1 Fixed in: 9.5.1 Fix
composer require concrete5/concrete5:^9.5.1