Concrete5 version 8.5.4 suffers from a persistent cross site scripting vulnerability. Original discovery of persistent cross site scripting in this version is attributed to nu11secur1ty in March of 2021.
85b90184d4fc5f1bb1bad2e1800e72fd5f21249b52f09b95dfbc02fe3864fd2d