PortlandLabs Concrete CMS is a team-oriented open source content management system from PortlandLabs, Inc. A cross-site scripting vulnerability exists in PortlandLabs Concrete CMS, which originates in /dashboard/blocks/stacks/view_ details. The vulnerability stems from the lack of data validation filtering of user-supplied data and output in details, which can be exploited by attackers to execute JavaScript code on the client side.
CPE | Name | Operator | Version |
---|---|---|---|
Portland Labs Concrete CMS | le | 8.5.7 | |
Portland Labs Concrete CMS >=9.0.0, | le | 9.0.2 |