CVE-2024-4350

CVSS V2 None CVSS V3 None
Description
Concrete CMS versions 9.0.0 to 9.3.2 and below 8.5.18 are vulnerable to Stored XSS in RSS Displayer when user input is stored and later embedded into responses. A rogue administrator could inject malicious code into fields due to insufficient input validation. The Concrete CMS security team gave this vulnerability a CVSS v3.1 score of 3.0 with a vector of AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator  and a CVSS v4 score of 2.1 with vector CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N  Thanks, m3dium for reporting.
Overview
  • CVE ID
  • CVE-2024-4350
  • Assigner
  • ConcreteCMS
  • Vulnerability Status
  • PUBLISHED
  • Published Version
  • 2024-08-09T00:37:44.009Z
  • Last Modified Date
  • 2024-08-09T00:37:44.009Z
History
Created Old Value New Value Data Type Notes
2024-08-09 13:03:37 Added to TrackCVE