CVE-2024-3181

EUVD-2024-1277

03.04.2024, 20:15

Concrete CMS version 9 prior to 9.2.8 and previous versions prior to 8.5.16 are vulnerable to Stored XSS in the Search Field. Prior to the fix, stored XSS could be executed by an administrator changing a filter to which a rogue administrator had previously added malicious code. The Concrete CMS security team gave this vulnerability a CVSS v3.1 score of 3.1 with a vector of  AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator . Thanks Alexey Solovyev for reporting

Cross-site Scripting

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	3.1 LOW	NETWORK	HIGH	HIGH	CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L
ConcreteCMS	CNA	3.1 LOW	NETWORK	HIGH	HIGH	CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L

Base Score

CVSS 3.x

EPSS Score

Percentile: 28%

Affected Products (NVD)

Vendor	Product	Version
concretecms	concrete_cms	𝑥 < 8.5.16
concretecms	concrete_cms	9.0.0 ≤ 𝑥 < 9.2.8

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References

https://documentation.concretecms.org/9-x/developers/introduction/version-history/928-release-notes?_gl=1*1bcxp5s*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY2ODEuMC4wLjA.

https://documentation.concretecms.org/developers/introduction/version-history/8516-release-notes?_gl=1*1oa3zn1*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY3MDcuMC4wLjA.