PT-2023-30871 · Unknown · Concrete Cms

Name of the Vulnerable Software and Affected Versions: Concrete CMS versions 8.5.13 and earlier Concrete CMS versions 9.0.0 through 9.2.2 Description: The issue allows an admin to add a stored XSS payload via the Layout Preset name, potentially affecting user interactions with the system...

PortlandLabs Concrete CMS Security Vulnerability

PortlandLabs Concrete CMS is a team-oriented open source content management system from PortlandLabs, Inc. A security vulnerability exists in PortlandLabs Concrete CMS prior to 8.5.13 and versions prior to 9.2.2, which stems from a File creation function that may grant too many permissions when...