Vulnerabilities

CVE-2026-3244 - Concrete CMS below version 9.4.8 is vulnerable to Stored XSS in Search Results vi...

2026-03-04 0 views admin

CVE ID : CVE-2026-3244 Published : March 4, 2026, 1:55 a.m. | 27 minutes ago Description : In Concrete CMS below version 9.4.8, A stored cross-site scripting (XSS) vulnerability exists in the search block where page names and content are rendered without proper HTML encoding in search results. This allows authenticated, rogue administrators to inject malicious JavaScript through page names that executes when users search for and view those pages in search results. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 4.8 with vector CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N. Thanks zolpak for reporting Severity: 4.8 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE Details

CVE ID

CVE-2026-3244

Severity

MEDIUM

CVSS Score

4.0 / 10.0

Published

March 4, 2026

Impact: XSS

🏷️ Tags

cvevulnerabilitysecuritycybersecuritycve-2026-3244medium

CVE-2026-3244 - Concrete CMS below version 9.4.8 is vulnerable to Stored XSS in Search Results vi...

CVE Details

🏷️ Tags

More from Vulnerabilities

CVE-2026-3240 - Concrete CMS below 9.4.8 is vulnerable to Stored XSS via Legacy form

CVE-2026-2994 - Concrete CMS below 9.4.8 is vulnerable to CSRF by a Rogue Admin using the Anti-Sp...

CVE-2026-3242 - Concrete CMS below 9.4.8 is vulnerable to Stored XSS in the Switch Language block

CVE-2026-3241 - Concrete CMS below version 9.4.8 is vulnerable to a stored cross-site scripting (...

Trending

CVE-2025-61481: Critical Remote Code Execution Vulnerability in MikroTik RouterOS & SwitchOS

CVE-2025-43939: Dell Unity OS Command Injection (High)

Google disputes false claims of massive Gmail data breach

Microsoft: DNS outage impacts Azure and Microsoft 365 services

3.5B Accounts, 1 Critical Flaw: Meta Closes WhatsApp Data-Harvesting