2 matches found
CVE-2024-1245
Concrete CMS version 9 before 9.2.5 is vulnerable to stored XSS in file tags and description attributes since administrator entered file attributes are not sufficiently sanitized in the Edit Attributes page. A rogue administrator could put malicious code into the file tags or description attribut...
CVE-2024-1245
CVE-2024-1245 – Concrete CMS stored XSS (pre-9.2.5) Affected product: Concrete CMS, version 9.x prior to 9.2.5. Vulnerability: Stored XSS in file attributes entered on the Edit Attributes page. Administrative input in file tags and description attributes is not sufficiently sanitized, enabling a ...