CVE-2023-28819
Concrete CMS (formerly concrete5) has a stored XSS vulnerability in uploaded file and folder names affecting versions 8.5.12 and older, and 9.0.0–9.0.2. Public advisories indicate fixes exist in 9.1+; earlier versions are vulnerable and may expose users to script execution via name fields. No exp...