CVE-2026-8245 | Concrete CMS up to 9.5.0 URL legacy cross site scripting

Inserito da Angelo Barbosa | Mag 22, 2026 | CVE

A vulnerability, which was classified as critical, was found in Concrete CMS up to 9.5.0. The impacted element is an unknown function of the file /dashboard/reports/forms/legacy of the component URL Handler. Such manipulation leads to improper neutralization of script in attributes in a web page.

This vulnerability is listed as CVE-2026-8245. The attack may be performed from remote. There is no available exploit.

CVE-2026-8245 | Concrete CMS up to 9.5.0 URL legacy cross site scripting

Post correlati

CVE-2025-4220 | Xavins List Subpages Plugin up to 1.3 on WordPress Shortcode xls cross site scripting

CVE-2023-6872 | Mozilla Firefox up to 120 Gnome log file

CVE-2025-49878 | Greg Winiarski WPAdverts Plugin up to 2.2.4 on WordPress cross site scripting

CVE-2023-50053 | Foundation Platform 1.0 Message information disclosure