Unknown · Concrete CMS · CVE-2021-28145
Name of the Vulnerable Software and Affected Versions:
Concrete CMS (formerly concrete5) versions prior to 8.5.5
Description:
The issue allows remote authenticated users with at least Editor privileges to conduct cross-site scripting (XSS) attacks via a crafted survey block.
Recommendations:
For versions prior to 8.5.5, update to version 8.5.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the survey block feature for users with Editor privileges until the update is applied.