Recent Vulnerabilities Research Posts Trends Blog About Contact

Published: 09/02/2024 Updated: 15/02/2024

CVSS v3 Base Score: 4.8 | Impact Score: 2.7 | Exploitability Score: 1.7

VMScore: 0

Concrete CMS version 9 prior to 9.2.5 is vulnerable to stored XSS in file tags and description attributes since administrator entered file attributes are not sufficiently sanitized in the Edit Attributes page. A rogue administrator could put malicious code into the file tags or description attributes and, when another administrator opens the same file for editing, the malicious code could execute. The Concrete CMS Security team scored this 2.4 with CVSS v3 vector AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N.

Vulnerable Product	Search on Vulmon	Subscribe to Product
concretecms concrete cms

CWE-79 https://documentation.concretecms.org/9-x/developers/introduction/version-history/925-release-notes https://www.concretecms.org/about/project-news/security/2024-02-04-security-advisory https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2024-1245

Vulnerability Summary

References

Vulmon Search

About

Products

Connect