Fhanso

**Name of the Vulnerable Software and Affected Versions** Concrete CMS versions 9.0.0 through 9.3.2 **Description** The issue is a stored XSS vulnerability in the generate dashboard board instance functionality. The `Name` input field does not check the input sufficiently, letting a rogue administrator inject malicious JavaScript code. **Recommendations** For Concrete CMS versions 9.0.0 through 9.3.2, update to a version that includes the fix for this vulnerability. As a temporary workaround, consider restricting access to the `Name` input field in the generate dashboard board instance functionality to minimize the risk of exploitation.