CVE-2021-40100

CVE-2021-40100

EPSS 0.5%

An issue was discovered in Concrete CMS through 8.5.5. Stored XSS can occur in Conversations when the Active Conversation Editor is set to Rich Text.

Affected products

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://documentation.concretecms.org/developers/introduction/version-history/856-release-notes https://hackerone.com/reports/616770