CVE-2023-48650

CVE-2023-48650

EPSS 0.5%

Concrete CMS before 8.5.14 and 9 before 9.2.3 is vulnerable to an admin adding a stored XSS payload via the Layout Preset name.

Affected products

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://documentation.concretecms.org/developers/introduction/version-history/923-release-notes https://www.concretecms.org/about/project-news/security/2023-12-05-concrete-cms-new-cves-and-cve-updates