Concrete CMS versions 9 through 9.3.2 and below 8.5.18 are vulnerable to Stored XSS in getAttributeSetName(). A rogue administrator could inject malicious code.
{ "nvd_published_at": "2024-08-08T17:15:20Z", "severity": "MODERATE", "github_reviewed_at": "2024-08-08T20:40:12Z", "github_reviewed": true, "cwe_ids": [ "CWE-20", "CWE-79" ] }