CVE-2023-48649

LOW3.5EPSS 1.3%

Concrete CMS Cross-site Scripting vulnerability

Published: 11/17/2023Modified: 2/16/2024

Description

Concrete CMS before 8.5.13 and 9.x before 9.2.2 allows stored XSS on the Admin page via an uploaded file name.

Source	Version	Severity	Vector
osv	CVSS 3.1	LOW3.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N