Arbitrary Code Execution via Cross Site Scripting (XSS) in Concrete CMS 8.5.12 and below, and 9.0 through 9.2.1

Arbitrary Code Execution via Cross Site Scripting (XSS) in Concrete CMS 8.5.12 and below, and 9.0 through 9.2.1

CVE-2023-44765 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

A Cross Site Scripting (XSS) vulnerability in Concrete CMS versions 8.5.12 and below, and 9.0 through 9.2.1 allows an attacker to execute arbitrary code via a crafted script to Plural Handle of the Data Objects from System & Settings.

Learn more about our Cms Pen Testing.