Concrete CMS is an open source content management system for teams.A stored cross-site scripting vulnerability exists in Conversations in Concrete CMS 8.5.5 and earlier versions when the “Active Conversation Editor” is set to rich text. An attacker could exploit this vulnerability to insert malicious code.