2 matches found
CVE-2023-44766
A Cross Site Scripting XSS vulnerability in Concrete CMS v.9.2.1 allows an attacker to execute arbitrary code via a crafted script to the SEO - Extra from Page Settings. NOTE: the vendor disputes this because this SEO-related header change can only be made by an admin, and allowing an admin to...
CVE-2023-44766
Concrete CMS v9.2.1 contains a Cross-Site Scripting (XSS) vulnerability in the SEO-Extra feature, specifically within the Header and Footer Tracking Codes component. The issue stems from insufficient filtering/escaping of user-supplied data, allowing an attacker to inject and execute arbitrary sc...