Concrete CMS prior to 8.5.13 and 9.x prior to 9.2.2 allows stored XSS on the Admin page via an uploaded file name.
concretecms concrete cms