Guram

**Name of the Vulnerable Software and Affected Versions** Concrete CMS versions 9 below 9.2.8 and versions below 8.5.16 **Description** The issue concerns Cross-site Scripting (XSS) in the Advanced File Search Filter. A rogue administrator could add malicious code in the file manager due to insufficient validation of administrator-provided data. All administrators have access to the File Manager and could create a search filter with the malicious code attached. **Recommendations** For versions 9 below 9.2.8 and versions below 8.5.16, update to version 9.2.8 or 8.5.16 or later to resolve the issue. As a temporary workaround, consider restricting access to the Advanced File Search Filter in the File Manager to minimize the risk of exploitation.