[MEDIUM] Concrete CMS has a stored Cross-site Scripting (XSS) vulnerability

PKSA-nnjv-c4gq-wny8 CVE-2026-3242 GHSA-w9qg-chfh-g3q9

Affected package: concrete5/concrete5

Affected version: <9.4.8

Reported by:
GitHub