Concrete CMS is vulnerable to cross-site scripting (XSS). The vulnerability is due to a lack of sanitization in the output of the dashboard page, which allows an attacker to inject malicious JavaScript through the text input field and have it executed.
documentation.concretecms.org/developers/introduction/version-history/8510-release-notes
documentation.concretecms.org/developers/introduction/version-history/913-release-notes
github.com/advisories/GHSA-xj33-8r43-r227
github.com/concretecms/concretecms-core/commit/95e13cb232859ae16fe1ea29be2133c211d57eb1
github.com/concretecms/concretecms-core/commit/decb450f1cb2170ae532810b3d297df7c1c0623c
github.com/concretecms/concretecms/commit/252c38ccff2f22d00cff18994d8f07aee9400edb
github.com/concretecms/concretecms/commit/2cf75469cfef0699618ab9436049dec33aa8ad15
github.com/concretecms/concretecms/commit/abadf3f751ab76edbf1bb7940aa241a57b73d992
www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2022-10-31