Unknown · Concrete Cms · CVE-2023-48650
**Name of the Vulnerable Software and Affected Versions**
Concrete CMS versions 8.5.13 and earlier
Concrete CMS versions 9.0.0 through 9.2.2
**Description**
The issue allows an admin to add a stored XSS payload via the Layout Preset name, potentially affecting user interactions with the system.
**Recommendations**
For Concrete CMS versions 8.5.13 and earlier, update to version 8.5.14 or later.
For Concrete CMS versions 9.0.0 through 9.2.2, update to version 9.2.3 or later.