PT-2025-13645 · Unknown · Concrete Cms

Published

2025-03-30

Updated

2025-03-31

CVE-2025-2972

CVSS v2.0

4.0

Medium

Vector

AV:N/AC:L/Au:S/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions ConcreteCMS versions up to 9.3.9

Description A problematic issue has been found in ConcreteCMS, affecting some unknown functionality of the component Page Attribute Display Block Handler. The manipulation of the Title argument leads to cross-site scripting. The attack may be launched remotely.

Recommendations For versions up to 9.3.9, update to a version later than 9.3.9 to resolve the issue. As a temporary workaround, consider restricting the use of the Page Attribute Display Block Handler until a patch is available. Avoid using the Title argument in the affected component to minimize the risk of exploitation.

Exploit

Fix

Code Injection

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-94CWE-79

Related Identifiers

CVE-2025-2972

Affected Products

Concrete Cms

PT-2025-13645 · Unknown · Concrete Cms

CVE-2025-2972

Weakness Enumeration

Related Identifiers

Affected Products

References · 10