CVE-2023-48650 Information

Mar 01, 2024 cve

Description

Concrete CMS before 8.5.14 and 9 before 9.2.3 is vulnerable to an admin adding a stored XSS payload via the Layout Preset name.

Reference

https://documentation.concretecms.org/developers/introduction/version-history/923-release-notes https://www.concretecms.org/about/project-news/security/2023-12-05-concrete-cms-new-cves-and-cve-updates

Share on: