CVE-2025-2963 Information

Description

A vulnerability which was classified as problematic has been found in ConcreteCMS up to 9.3.9. This issue affects the function addEditQuestion of the component Legacy Form Block Handler. The manipulation of the argument Question leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Reference

https://github.com/yaowenxiao721/Poc/blob/main/Concretecms/Concretecms-poc1.md https://github.com/yaowenxiao721/Poc/blob/main/Concretecms/Concretecms-poc1.md https://vuldb.com/?ctiid.302015 https://vuldb.com/?id.302015 https://vuldb.com/?submit.522413