[MEDIUM] Concrete CMS has a stored Cross-site Scripting (XSS) vulnerability

PKSA-gwgb-qhcr-dkk9 CVE-2026-3240 GHSA-45fj-fvmm-xcc5

Affected package: concrete5/concrete5

Affected version: <9.4.8

Reported by:
GitHub