[MEDIUM] Concrete CMS has a stored Cross-site Scripting (XSS) vulnerability

PKSA-k8s6-ntjk-g2wy CVE-2026-3241 GHSA-f4vq-pj32-gr4q

Affected package: concrete5/concrete5

Affected version: <9.4.8

Reported by:
GitHub