2023-12-25 00:00:00
mitre
PUBLISHED
Concrete CMS before 8.5.14 and 9 before 9.2.3 is vulnerable to an admin adding a stored XSS payload via the Layout Preset name.