PT-2026-22862 · Unknown · Concrete CMS

Zolpak · Published 2026-03-04 · Updated 2026-03-04 · CVE-2026-3244

CVSS v3.1: 4.8 Medium

Vector: AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions

Concrete CMS versions prior to 9.4.8

Description

A stored cross-site scripting (XSS) issue exists in the search block of the software. Page names and content are rendered without proper HTML encoding in search results, allowing authenticated administrators to inject malicious JavaScript through page names. This JavaScript executes when users search for and view those pages in search results.

Recommendations

Update to version 9.4.8 or later.
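The missing control named in the description is output encoding of stored page names and content at the point where search results are rendered. The sketch below is an added illustration, not Concrete CMS code: every function name and array key is hypothetical, the sample page is constructed, and it goes one step beyond the description by also highlighting query matches, a common place for encoding to be skipped.

```php
<?php
// Added illustration, not Concrete CMS source. All function and field names are hypothetical.

/** Encode a value for an HTML text node or a quoted attribute. */
function h_text(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

/** Wrap query matches in <mark>, encoding every piece of stored text before output. */
function highlight(string $raw, string $query): string
{
    $query = trim($query);
    if ($query === '') {
        return h_text($raw);
    }
    // Split the raw text on matches first, so encoding never cuts through an entity.
    $parts = preg_split('/(' . preg_quote($query, '/') . ')/iu', $raw, -1, PREG_SPLIT_DELIM_CAPTURE);
    if ($parts === false) {
        return h_text($raw); // e.g. invalid UTF-8: fall back to plain encoded text
    }
    $out = '';
    foreach ($parts as $i => $part) {
        // Odd indexes hold the captured matches; even indexes hold the text between them.
        $out .= ($i % 2 === 1) ? '<mark>' . h_text($part) . '</mark>' : h_text($part);
    }
    return $out;
}

/** Render one search hit. Assumes $page['url'] is an application-generated path. */
function render_result(array $page, string $query): string
{
    return sprintf(
        "<li><a href=\"%s\">%s</a><p>%s</p></li>\n",
        h_text($page['url']),
        highlight($page['name'], $query),
        highlight($page['excerpt'], $query)
    );
}

// Constructed sample: a stored page name that contains markup.
$page = [
    'url'     => '/docs/release-notes',
    'name'    => 'Release notes <script>alert(1)</script>',
    'excerpt' => 'Notes & fixes for this release',
];
echo render_result($page, 'notes');
```

The only markup that reaches the response unencoded is the literal `<li>`, `<a>`, `<p>` and `<mark>` tags written by the template itself; everything that came from storage passes through `h_text()` first.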

Fix

XSS


Weakness Enumeration

Related Identifiers

CVE-2026-3244
GHSA-MM5F-5RQW-574F

Affected Products

Concrete CMS