CVE-2022-30118

Title for CVE: XSS in /dashboard/system/express/entities/forms/savecontrol/GUID: old browsers only.Description: When using Internet Explorer with the XSS protection disabled, editing a form control in an express entities form for Concrete 8.5.7 and below as well as Concrete 9.0 through 9.0.2 can...

Concrete CMS: Stored XSS on express entries

Download Concrete5 8.5.2 and install it 2. Log into your Concrete5 instance as admin 3. Go to Dashboard System settings Express entities /index.php/dashboard/system/express/entities 4. Сlick on the Create button 5. in the field Name paste the following text: alert1 6. Go to tab View Objects...