PortlandLabs Concrete CMS is a team-oriented open source content management system from PortlandLabs, Inc. A cross-site scripting vulnerability exists in PortlandLabs Concrete CMS, which originates in /dashboard/system/express/entities/ Forms/save_control lacks a data validation filter for user-supplied data and output, which can be exploited by attackers to execute JavaScript code on the client side.
CPE | Name | Operator | Version |
---|---|---|---|
Portland Labs Concrete CMS | le | 8.5.7 | |
Portland Labs Concrete CMS >=9.0.0, | le | 9.0.2 |