Concrete CMS before 8.5.13 and 9.x before 9.2.2 allows stored XSS on the Admin page via an uploaded file name.
{ "github_reviewed_at": "2023-11-17T22:47:39Z", "cwe_ids": [ "CWE-79" ], "nvd_published_at": "2023-11-17T04:15:07Z", "severity": "LOW", "github_reviewed": true }