PT-2024-39159 · Unknown · Concrete Cms

Chu Quoc Khanh · Published 2024-09-16 · Updated 2024-12-16 · CVE-2024-8661

CVSS v3.1: 4.8 (Medium)
Vector: AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Concrete CMS versions 9.0.0 through 9.3.4; Concrete CMS versions below 8.5.19
Description: A Stored XSS vulnerability exists in the "Next&Previous Nav" block of Concrete CMS, allowing a rogue administrator to add a malicious payload that can be executed in the browsers of targeted users. This is due to insufficient sanitization of the block's output.
Recommendations: For Concrete CMS versions 9.0.0 through 9.3.4, update to a version that includes the fix for this issue. For Concrete CMS versions below 8.5.19, update to a version that includes the fix for this issue. As a temporary workaround, consider disabling the "Next&Previous Nav" block until a patch is available.
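The root cause named in the description (block output that is not sanitized before it is written into the page) is a general pattern, so the following added example shows it in plain PHP beside the hardened form. This is an illustration written for this page, not Concrete CMS code; the function names, the sample label and the URL are constructed, and the escaping helper stands in for whatever the real block view uses.

```php
<?php
// Added illustration, not Concrete CMS code. Shows the general stored-XSS
// pattern behind an administrator-editable navigation label: the value is
// saved once and later echoed into HTML. All names here are hypothetical.

declare(strict_types=1);

// Constructed sample of a stored "next" label that happens to contain markup
// and quote characters. A benign string is enough to show the difference.
const SAMPLE_LABEL = 'Next <i>page</i> "two"';
const SAMPLE_HREF  = '/page/2';

/**
 * Vulnerable pattern: the stored string is concatenated into the markup as-is,
 * so whatever tags or attributes it carries are interpreted by the browser
 * of every visitor who renders the block.
 */
function renderNavLinkUnsafe(string $label, string $href): string
{
    return '<a href="' . $href . '">' . $label . '</a>';
}

/** Escape a value for an HTML text or attribute context. */
function esc(string $value): string
{
    // ENT_QUOTES covers both quote styles so the value is safe inside
    // double- and single-quoted attributes; the explicit charset avoids
    // encoding-dependent behaviour.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/**
 * Link targets need a separate check: HTML escaping does not change which
 * URL scheme a browser will follow. Allow only relative paths and http(s).
 */
function isSafeHref(string $href): bool
{
    if ($href === '' || $href[0] === '/') {
        return strpos($href, '//') !== 0; // reject protocol-relative targets
    }
    $scheme = parse_url($href, PHP_URL_SCHEME);
    return in_array(strtolower((string) $scheme), ['http', 'https'], true);
}

/**
 * Hardened pattern: every untrusted value is escaped for the context it lands
 * in, and the href is validated before it is emitted at all.
 */
function renderNavLinkSafe(string $label, string $href): string
{
    $target = isSafeHref($href) ? $href : '#';
    return '<a href="' . esc($target) . '">' . esc($label) . '</a>';
}

if (PHP_SAPI === 'cli') {
    echo "unsafe: ", renderNavLinkUnsafe(SAMPLE_LABEL, SAMPLE_HREF), PHP_EOL;
    echo "safe:   ", renderNavLinkSafe(SAMPLE_LABEL, SAMPLE_HREF), PHP_EOL;
}
```

Run with `php nav_block_example.php` to see the two renderings side by side: the unsafe version emits the stored `<i>` tag and raw quotes into the page, while the hardened version turns them into `&lt;`, `&gt;` and `&quot;` so the label is displayed literally. The separate href check matters because output escaping only neutralises markup, not the scheme of a link target; a fix that escapes text but passes URLs through unchanged leaves that half of the problem open.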

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2024-8661
GHSA-XMXJ-V2Q8-8QX6

Affected Products

Concrete Cms