CVE-2021-40100
MEDIUM
Concrete CMS < 8.5.5 - Stored Cross-Site Scripting in Conversations Rich Text Editor
Title source: llm
Exploitation Summary
EIP tracks 1 public exploit for CVE-2021-40100. PoCs published by bl4de.
Description
An issue was discovered in Concrete CMS through 8.5.5. Stored XSS can occur in Conversations when the Active Conversation Editor is set to Rich Text.
References (2)
Core References
Permissions Required, Third Party Advisory x_refsource_misc
https://hackerone.com/reports/616770
Release Notes, Vendor Advisory x_refsource_misc
https://documentation.concretecms.org/developers/introduction/version-history/856-release-notes
Scores
CVSS v3
5.4
EPSS
0.0050
EPSS Percentile
38.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (1)
concretecms/concrete_cms
< 8.5.5
Published
Sep 24, 2021
Tracked Since
Feb 18, 2026