CVE-2024-1247
Concrete CMS is affected in versions 9.x before 9.2.5, with a stored XSS vulnerability in the Role Name field due to insufficient input validation. A rogue administrator could inject script that runs for users visiting the affected page. The issue is documented across multiple sources (NVD, OSV, ...