From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. Vulnerability Type: - Type: Stored XSS - Affected Versions: 9.0.1, 9.0.2, 9.1.0, 9.1.1, 9.1.2, 8.5.10-12, 9.1.3, 9.2.0, 9.2.1, 9.2.5, 9.2.6, 9.2.7, 9.2.8, 9.2.9, 9.3.0, 9.3.1, 9.3.2, 9.3.3 2. Affected Components: - RSS Display Block - Generate Board Name Input Field - getAttributeSetName() 3. Vulnerability Description: - RSS Display Block: The board instance name is not properly sanitized in output, allowing malicious code injection. - Generate Board Name Input Field: Insufficient validation during input processing permits malicious code injection. - getAttributeSetName(): The board instance name is not sanitized during processing, leading to malicious code injection. 4. Remediation Measures: - RSS Display Block: Fixed by sanitizing the board instance name in output. - Generate Board Name Input Field: Fixed by implementing thorough validation during input processing. - getAttributeSetName(): Fixed by sanitizing the board instance name during processing. 5. Security Updates: - Concrete CMS: These vulnerabilities were patched in versions 9.0.1 through 9.3.3. 6. Security Ratings: - CVSS v3.1: 3.1 - CVSS v4: 2.1 This information helps users identify which versions of Concrete CMS are affected by stored XSS vulnerabilities and take appropriate security measures to remediate them.