Headline
GHSA-wrp2-6v6j-hfmg: ConcreteCMS vulnerable to Stored Cross-site Scripting
Concrete CMS v9.2.1 is affected by an Arbitrary File Upload vulnerability via the Thumbnail file upload, which allows Cross-Site Scripting (XSS).
Moderate severity GitHub Reviewed Published Oct 10, 2023 to the GitHub Advisory Database • Updated Oct 10, 2023
Related news
CVE-2023-44763: GitHub - sromanhu/CVE-2023-44763_ConcreteCMS-Arbitrary-file-upload-Thumbnail: ConcreteCMS v.9.2.1 is affected by Arbitrary File Upload vulnerability that allows Cross-Site Scripting (XSS) Stored.
** DISPUTED ** Concrete CMS v9.2.1 is affected by an Arbitrary File Upload vulnerability via a Thumbnail file upload, which allows Cross-Site Scripting (XSS). NOTE: the vendor's position is that a customer is supposed to know that "pdf" should be excluded from the allowed file types, even though pdf is one of the allowed file types in the default configuration.