XSS has been reported in the following plugins:
Concrete Tabs There has also been a case of XSS in the registration form of a Concrete CMS installation. The following proof-of-concept highlights this vulnerability. img> img> The above XSS is triggered when a user visits the “login” page, types their password and submits the form. This can be used as a vector for an attacker to execute arbitrary commands. This issue has been reported to Concrete and is under investigation. XSS has also been reported in the following plugins: XSS has been reported in the following plugins: There has also been a case of XSS in the registration form of a Concrete CMS installation. The following proof-of-concept highlights this vulnerability.
Concrete Email is a popular email plugin. When the plugin gets installed, it creates a login page where users can input their credentials to log in to their website. There has been a report of XSS in the login form of this plugin and this vulnerability is under investigation.