CVE-2023-48649
published 2023-11-17

CVE-2023-48649: Concrete CMS before 8.5.13 and 9.x before 9.2.2 allows stored XSS on the Admin page via an uploaded file name.

Priority: P4 26, medium 5.4 (CVSS 3.1)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS: 0.59% (43.6th percentile)

Affected

4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| concrete5 | concrete5 | >= 0 < 8.5.13 | 8.5.13 |
| concrete5 | concrete5 | >= 9.0.0 < 9.2.2 | 9.2.2 |
| concretecms | concrete_cms | < 8.5.13 | 8.5.13 |
| concretecms | concrete_cms | >= 9.0 < 9.2.2 | 9.2.2 |