4 matches found
EUVD-2026-31380
Concrete CMS 9.5.0 and below is vulnerable to Stored XSS via external-link page cvName because updateCollectionAliasExternal bypasses being sanitized. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 2.0 with...
CVE-2026-8139
Concrete CMS 9.5.0 and below is vulnerable to Stored XSS via external-link page cvName because updateCollectionAliasExternal bypasses being sanitized. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 2.0 with...
CVE-2026-8139 Concrete CMS 9.5.0 and below is vulnerable to Stored XSS via external-link page cvName
Concrete CMS 9.5.0 and below is vulnerable to Stored XSS via external-link page cvName because updateCollectionAliasExternal bypasses being sanitized. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 2.0 with...
PT-2026-42581
Name of the Vulnerable Software and Affected Versions Concrete CMS versions prior to 9.5.1 Description Stored Cross-Site Scripting XSS occurs via the 'external-link' page cvName because the updateCollectionAliasExternal function bypasses sanitization. Stored XSS is a flaw where malicious scripts...