5 matches found
CVE-2025-0660
Concrete CMS versions 9.0.0 through 9.3.9 are affected by a stored XSS in Folder Function.The "Add Folder" functionality lacks input sanitization, allowing a rogue admin to inject XSS payloads as folder names. The Concrete CMS security team gave this vulnerability a CVSS 4.0 Score of 4.8 with...
CVE-2025-0660
Concrete CMS versions 9.0.0 through 9.3.9 are affected by a stored XSS in Folder Function.The "Add Folder" functionality lacks input sanitization, allowing a rogue admin to inject XSS payloads as folder names. The Concrete CMS security team gave this vulnerability a CVSS 4.0 Score of 4.8 with...
CVE-2025-0660 Stored XSS in Folder Function by Rogue Admin
Concrete CMS versions 9.0.0 through 9.3.9 are affected by a stored XSS in Folder Function.The "Add Folder" functionality lacks input sanitization, allowing a rogue admin to inject XSS payloads as folder names. The Concrete CMS security team gave this vulnerability a CVSS 4.0 Score of 4.8 with...
CVE-2025-0660
Concrete CMS is affected by a stored XSS in the Folder Function (Add Folder) for versions 9.0.0–9.3.9 due to insufficient input sanitization. An admin can inject XSS payloads into folder names, potentially executing in users’ browsers. The issue is associated with CVSS v4.0/4.0 vector (base 4.8, ...
CVE-2025-0660 Stored XSS in Folder Function by Rogue Admin
Concrete CMS versions 9.0.0 through 9.3.9 are affected by a stored XSS in Folder Function.The "Add Folder" functionality lacks input sanitization, allowing a rogue admin to inject XSS payloads as folder names. The Concrete CMS security team gave this vulnerability a CVSS 4.0 Score of 4.8 with...