A Cross Site Scripting (XSS) vulnerability in Concrete CMS versions 8.5.12 and below, and 9.0 up to and including 9.2.1 allows an malicious user to execute arbitrary code via a crafted script to Plural Handle of the Data Objects from System & Settings.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
concretecms concrete cms 9.2.1 |