Akbar_Jafarli

**Name of the Vulnerable Software and Affected Versions** Concrete CMS versions prior to 8.5.13 Concrete CMS versions 9.x prior to 9.2.2 **Description** The issue allows for stored XSS on the Admin page via an uploaded file name. **Recommendations** For versions prior to 8.5.13, update to version 8.5.13 or later. For versions 9.x prior to 9.2.2, update to version 9.2.2 or later.

**Name of the Vulnerable Software and Affected Versions** Concrete CMS versions below 8.5.10 Concrete CMS versions 9.0.0 through 9.1.2 **Description** The issue concerns a lack of sanitization in the result dashboard page output for text input fields, leading to a potential XSS vulnerability. The Concrete CMS security team has reported this issue. **Recommendations** For Concrete CMS versions below 8.5.10, update to Concrete CMS 8.5.10. For Concrete CMS versions 9.0.0 through 9.1.2, update to Concrete CMS 9.1.3.