[MEDIUM] Concrete CMS vulnerable to Reflected Cross-Site Scripting (XSS) in Conversation Messages Dashboard Page

PKSA-t956-bfpp-mxgp CVE-2025-8571 GHSA-4pcg-pjp5-3mc6

Affected package: concrete5/concrete5

Affected version: >=9.0.0RC1,<9.4.3|<8.5.21

Reported by:
GitHub