2 matches found
CVE-2023-44760
Multiple Cross Site Scripting XSS vulnerabilities in Concrete CMS v.9.2.1 allow an attacker to execute arbitrary code via a crafted script to the Header and Footer Tracking Codes of the SEO & Statistics. NOTE: the vendor disputes this because these header/footer changes can only be made by an...
CVE-2023-44760
Concrete CMS v9.2.1 contains an XSS vulnerability in the Header and Footer Tracking Codes used by SEO & Statistics. A crafted script injected into these fields can execute arbitrary HTML/JS, allowing an attacker to run code in the context of the affected site. Vendor disputes CVE-2023-44760 claim...