CVE-2024-4350
CVSS V2 None
CVSS V3 None
Description
Concrete CMS versions 9.0.0 to 9.3.2 and below 8.5.18 are vulnerable to Stored XSS in RSS Displayer when user input is stored and later embedded into responses. A rogue administrator could inject malicious code into fields due to insufficient input validation. The Concrete CMS security team gave this vulnerability a CVSS v3.1 score of 3.0 with a vector of AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator and a CVSS v4 score of 2.1 with vector CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N Thanks, m3dium for reporting.
Overview
- CVE ID
- CVE-2024-4350
- Assigner
- ConcreteCMS
- Vulnerability Status
- PUBLISHED
- Published Version
- 2024-08-09T00:37:44.009Z
- Last Modified Date
- 2024-08-09T00:37:44.009Z
Weakness Enumerations
References
Sources
Source Name | Source URL |
---|---|
NIST | https://nvd.nist.gov/vuln/detail/CVE-2024-4350 |
MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4350 |
History
Created | Old Value | New Value | Data Type | Notes |
---|---|---|---|---|
2024-08-09 13:03:37 | Added to TrackCVE |