Concrete CMS is vulnerable to cross-site scripting. The vulnerability exists due to unsanitized output in icons.php, allowing an attacker to inject and execute malicious JavaScript.
documentation.concretecms.org/developers/introduction/version-history/8510-release-notes
documentation.concretecms.org/developers/introduction/version-history/913-release-notes
github.com/concretecms/concretecms-core/commit/95e13cb232859ae16fe1ea29be2133c211d57eb1
github.com/concretecms/concretecms-core/commit/decb450f1cb2170ae532810b3d297df7c1c0623c
github.com/concretecms/concretecms/commit/252c38ccff2f22d00cff18994d8f07aee9400edb
github.com/concretecms/concretecms/commit/2cf75469cfef0699618ab9436049dec33aa8ad15
github.com/concretecms/concretecms/pull/11002
github.com/concretecms/concretecms/releases/8.5.10
github.com/concretecms/concretecms/releases/9.1.3
www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2022-10-31