Stored XSS Vulnerability in Concrete CMS (previously concrete5) Versions 8.5.12 and below, 9.0.0 through 9.0.2

Stored XSS Vulnerability in Concrete CMS (previously concrete5) Versions 8.5.12 and below, 9.0.0 through 9.0.2

CVE-2023-28819 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Concrete CMS (previously concrete5) versions 8.5.12 and below, 9.0.0 through 9.0.2 is vulnerable to Stored XSS in uploaded file and folder names.

Learn more about our Cms Pen Testing.