CVE-2025-2968

Name of the Vulnerable Software and Affected Versions ConcreteCMS versions up to 9.3.9

Description A vulnerability was found in ConcreteCMS that affects the function Save of the component Feature Block Handler. The manipulation of the argument Paragraph Source leads to cross-site scripting. The attack can be initiated remotely.

Recommendations For versions up to 9.3.9, as a temporary workaround, consider disabling the Save function of the Feature Block Handler component until a patch is available. Restrict access to the Feature Block Handler component to minimize the risk of exploitation. Avoid using the Paragraph Source argument in the affected component until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.