4 matches found
CVE-2025-2972
A vulnerability, which was classified as problematic, has been found in ConcreteCMS up to 9.3.9. Affected by this issue is some unknown functionality of the component Page Attribute Display Block Handler. The manipulation of the argument Title leads to cross site scripting. The attack may be...
CVE-2025-2972 ConcreteCMS Page Attribute Display Block cross site scripting
A vulnerability, which was classified as problematic, has been found in ConcreteCMS up to 9.3.9. Affected by this issue is some unknown functionality of the component Page Attribute Display Block Handler. The manipulation of the argument Title leads to cross site scripting. The attack may be...
CVE-2025-2972
...
CVE-2025-2972
The CVE-2025-2972 entry is marked with a CNA-rejected note in the Initial document, but connected records describe a ConcreteCMS-specific XSS issue: manipulation of the Title argument in the Page Attribute Display Block Handler can lead to cross-site scripting, affecting ConcreteCMS up to version...