CVE-2025-8571 Concrete CMS 9 through 9.4.2 and below 8.5.21 is vulnerable to Reflected Cross-Site Scripting (XSS) in Conversation Messages Dashboard Page
Concrete CMS 9 to 9.4.2 and versions below 8.5.21 are vulnerable to Reflected Cross-Site Scripting XSS in the Conversation Messages Dashboard Page. Unsanitized input could cause theft of session cookies or tokens, defacement of web content, redirection to malicious sites, and if victim is an admi...