2 matches found
CVE-2023-48649
Concrete CMS before 8.5.13 and 9.x before 9.2.2 allows stored XSS on the Admin page via an uploaded file name...
CVE-2023-48649
Concrete CMS versions prior to 8.5.13 and 9.x prior to 9.2.2 are affected by a stored XSS vulnerability on the Admin page triggered via an uploaded file name. The root cause is lack of proper filtering/escaping for user-supplied file/folder names in the admin interface. Impact described in multip...