PT-2023-29288 · Unknown · Concrete Cms

Romanhu · Published 2023-10-06 · Updated 2024-02-02 · CVE-2023-44764

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Concrete CMS versions prior to 9.2.3

Description

A Cross Site Scripting (XSS) issue exists via the SITE parameter during installation or in the Settings, allowing an attacker to execute arbitrary code via a crafted script.

Recommendations

For versions prior to 9.2.3, update to version 9.2.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the installation and Settings pages to minimize the risk of exploitation. Avoid using the SITE parameter in the affected API endpoint until the issue is resolved.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2023-44764
GHSA-J6H5-GGV2-3RFV

Affected Products

Concrete Cms