CVE-2023-44762

Name of the Vulnerable Software and Affected Versions Concrete CMS versions 9.2.0 through 9.2.2

Description A Cross Site Scripting (XSS) vulnerability in Concrete CMS allows an attacker to execute arbitrary code via a crafted script to the Tags from Settings - Tags.

Recommendations For versions 9.2.0 through 9.2.2, update to a version that is not affected by this issue. As a temporary workaround, consider restricting access to the Tags from Settings - Tags until a patch is available. Avoid using crafted scripts to the Tags from Settings - Tags in the affected versions until the issue is resolved.