Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4.8
CVSSv3

CVE-2024-1246

Published: 09/02/2024 Updated: 15/02/2024
CVSS v3 Base Score: 4.8 | Impact Score: 2.7 | Exploitability Score: 1.7
VMScore: 0
Subscribe to Concrete Cms

Vulnerability Summary

Concrete CMS in version 9 prior to 9.2.5 is vulnerable to reflected XSS via the Image URL Import Feature due to insufficient validation of administrator provided data. A rogue administrator could inject malicious code when importing images, leading to the execution of the malicious code on the website user’s browser. The Concrete CMS Security team scored this 2 with CVSS v3 vector AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N. This does not affect Concrete versions prior to version 9.

Vulnerable Product Search on Vulmon Subscribe to Product

concretecms concrete cms

References

CWE-79https://documentation.concretecms.org/9-x/developers/introduction/version-history/925-release-noteshttps://www.concretecms.org/about/project-news/security/2024-02-04-security-advisoryhttps://nvd.nist.gov
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
man-in-the-middleCVE-2024-34558CVE-2024-32674CVE-2024-34351XPath injectionCVE-2023-45866CVE-2024-25528CVE-2024-25517path traversal
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook