2 matches found
CVE-2024-1246
Concrete CMS 9.x prior to 9.2.5 is vulnerable to reflected XSS via the Image URL Import Feature due to insufficient input validation. A rogue administrator could inject malicious code during image import, potentially executing in users’ browsers. Public references (NVD, Red Hat, GHSA, OSV, Veraco...
CVE-2024-1246 Concrete CMS in version 9 before 9.2.5 is vulnerable to reflected XSS via the Image URL Import Feature
Concrete CMS in version 9 before 9.2.5 is vulnerable to reflected XSS via the Image URL Import Feature due to insufficient validation of administrator provided data. A rogue administrator could inject malicious code when importing images, leading to the execution of the malicious code on the...