2 matches found
CVE-2023-48650
Concrete CMS is affected by a stored XSS vulnerability in the Layout Preset name affecting versions 8.5.13 and earlier and 9.0.0 through 9.2.2; the issue arises from input-processing allowing an admin to inject malicious code. Remediation: upgrade to Concrete CMS 8.5.14 or later, or 9.2.3 or late...
CVE-2023-48650
Concrete CMS before 8.5.14 and 9 before 9.2.3 is vulnerable to an admin adding a stored XSS payload via the Layout Preset name...