CVE-2021-40100

MEDIUM

Concretecms Concrete Cms < 8.5.5 - XSS

Title source: rule

Description

An issue was discovered in Concrete CMS through 8.5.5. Stored XSS can occur in Conversations when the Active Conversation Editor is set to Rich Text.

Exploits (1)

github NO CODE
by bl4de · poc
https://github.com/bl4de/CVEs/tree/master/CVE-2021-40100

Scores

CVSS v3 5.4
EPSS 0.0025
EPSS Percentile 48.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (1)
concretecms/concrete_cms < 8.5.5
Published Sep 24, 2021
Tracked Since Feb 18, 2026