PT-2022-20009 · Microsoft · Internet Explorer

Zeroinside · Published 2022-06-24 · Updated 2022-07-05 · CVE-2022-30118

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Concrete CMS versions 8.5.7 and below
Concrete CMS versions 9.0 through 9.0.2

Description

The issue allows for XSS when editing a form control in an express entities form using Internet Explorer with XSS protection disabled. This cannot be exploited in modern web browsers due to automatic input escape mechanisms. The estimated number of potentially affected devices is not provided.

Recommendations

For Concrete CMS versions 8.5.7 and below, update to a version above 8.5.7 to resolve the issue. For Concrete CMS versions 9.0 through 9.0.2, update to a version above 9.0.2 to resolve the issue. As a temporary workaround, consider disabling the use of Internet Explorer or enabling XSS protection until a patch is available.

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2022-30118

Affected Products

Internet Explorer