A vulnerability, which was classified as problematic , was found in Concrete CMS up to 9.5.0 . The affected element is an unknown function. Executing a manipulation can lead to cross site scripting. This vulnerability is handled as CVE-2026-8353 . The attack can be executed remotely. There is not any exploit available.