Ramshath Mm

**Name of the Vulnerable Software and Affected Versions** Concrete CMS versions 8.6 through 9.2.2 **Description** The issue allows Stored XSS on the Admin Dashboard via the "/dashboard/system/basics/name" API endpoint. The `name` variable is vulnerable to this type of attack. There is no information provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited. **Recommendations** For Concrete CMS versions 8.6 through 9.2.2, update to version 9.2.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the "/dashboard/system/basics/name" API endpoint until a patch is available. Avoid using the `name` variable in the affected API endpoint until the issue is resolved.