Stored XSS Vulnerability in Concrete CMS Conversations with Rich Text Editor

Stored XSS Vulnerability in Concrete CMS Conversations with Rich Text Editor

CVE-2021-40100 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

An issue was discovered in Concrete CMS through 8.5.5. Stored XSS can occur in Conversations when the Active Conversation Editor is set to Rich Text.

Learn more about our Cms Pen Testing.