First published: Fri Nov 17 2023
Concrete CMS before 8.5.13 and 9.x before 9.2.2 allows stored XSS on the Admin page via an uploaded file name.
Credit: email@example.com firstname.lastname@example.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Concretecms Concrete Cms | <8.5.13 | |
| Concretecms Concrete Cms | >=9.0 <9.2.2 | |
The vulnerability ID is CVE-2023-48649.
The severity of CVE-2023-48649 is low (3.5).
Concrete CMS versions before 8.5.13 and 9.x before 9.2.2 are affected by CVE-2023-48649.
Stored XSS on the Admin page can be exploited through an uploaded file name.
CVE-2023-48649 can be fixed by upgrading to Concrete CMS version 8.5.13 or 9.2.2.