PT-2023-31171 · Unknown · Concrete Cms
Name of the Vulnerable Software and Affected Versions: Concrete CMS versions 8.6 through 9.2.2 Description: The issue allows Stored XSS on the Admin Dashboard via the "/dashboard/system/basics/name" API endpoint. The name variable is vulnerable to this type of attack. There is no information...