Headline
GHSA-36fr-3wg8-q5v8: Concrete CMS Cross-site Scripting vulnerability
Concrete CMS before 8.5.13 and 9.x before 9.2.2 allows stored XSS on the Admin page via an uploaded file name.
Concrete CMS Cross-site Scripting vulnerability
Low severity GitHub Reviewed Published Nov 17, 2023 to the GitHub Advisory Database • Updated Nov 17, 2023
Related news
CVE-2023-48649: 2023-11-09 Security Blog about updated CVEs and new releases
Concrete CMS before 8.5.13 and 9.x before 9.2.2 allows stored XSS on the Admin page via an uploaded file name.