Vulnerability Database
296,147
Total vulnerabilities in the database
CVE-2023-48650
Concrete CMS before 8.5.14 and 9 before 9.2.3 is vulnerable to an admin adding a stored XSS payload via the Layout Preset name.
| Software | From | Fixed in |
|---|---|---|
concrete5 / concrete5
|
- | 8.5.14 |
|
concrete5 / concrete5
|
9.0.0 | 9.2.3 |
| concretecms / concrete_cms | 9.0.0 | 9.2.3 |
| concretecms / concrete_cms | - | 8.5.14 |
- https://documentation.concretecms.org/developers/introduction/version-history/923-release-notes
- https://github.com/concretecms/concretecms/commit/077755e6bbbc1c67b7508add9e3d207e8d8909a0
- https://github.com/concretecms/concretecms/commit/5b93470bcccf271810d3a0b190368ce6a9d6c84b
- https://www.concretecms.org/about/project-news/security/2023-12-05-concrete-cms-new-cves-and-cve-updates