CVE-2026-8245
Concrete CMS 9.5.0 and earlier is vulnerable to a Reflected XSS in Legacy Pagination. The flaw occurs because Concrete\Core\Legacy\Pagination builds pagination links by raw-interpolating the $URL field into href, allowing an attacker to craft a URL that injects HTML into the link tag. An authenti...