PortlandLabs Concrete CMS is a team-oriented open source content management system of the United States PortlandLabs company . A cross-site scripting vulnerability exists in PortlandLabs Concrete CMS v.9.2.1, which stems from the lack of effective filtering and escaping of user-supplied data by the Header and Footer Tracking Codes component, and can be exploited by an attacker to execute arbitrary Web script or HTML by injecting a carefully crafted payload. The vulnerability stems from the lack of effective filtering and escaping of user-provided data in the component Header and Footer Tracking Codes.