Unknown · Concrete CMS · CVE-2025-8573
**Name of the Vulnerable Software and Affected Versions**
Concrete CMS versions 9 through 9.4.2
**Description**
Concrete CMS versions 9 through 9.4.2 are susceptible to Stored Cross-Site Scripting (XSS) originating from the Home Folder on the Members Dashboard page. A malicious administrator could create a folder containing XSS payloads, and users could potentially be redirected to this folder upon login.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.