Concrete CMS is vulnerable to cross-site scripting.The vulnerability exists in add.php
due to a lack of sanitization of the entity name, which allows an attacker to inject and execute malicious JavaScript.
documentation.concretecms.org/developers/introduction/version-history/8510-release-notes
documentation.concretecms.org/developers/introduction/version-history/913-release-notes
github.com/concretecms/concretecms-core/commit/60c8ee4c3b1133b729696d210e523f279f9de33a
github.com/concretecms/concretecms-core/commit/d8f8128873c19ec915e394c7e1a3d49c4625c0e8
github.com/concretecms/concretecms/commit/46129ada9b00e5f7eebc4c6c46aba8bfdbee0ad5
github.com/concretecms/concretecms/commit/4fc7d1c72b8c8a622cc3d140390c7209f8af57ec
github.com/concretecms/concretecms/pull/10997
github.com/concretecms/concretecms/releases/8.5.10
github.com/concretecms/concretecms/releases/9.1.3
www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2022-10-31