CVE-2023-49337
published 2024-02-29

CVE-2023-49337: Concrete CMS before 9.2.3 allows Stored XSS on the Admin Dashboard via /dashboard/system/basics/name. (8.5 and earlier are unaffected.)

Priority: P4 21
Severity: medium, 4.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
EPSS: 0.55% (41.8th percentile)

Affected

2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| concrete5 | concrete5 | >= 9.0.0 < 9.2.3 | 9.2.3 |
| concretecms | concrete_cms | >= 9.0.0 < 9.2.3 | 9.2.3 |