CVE-2024-3178 Concrete CMS versions 9 below 9.2.8 and versions below 8.5.16 are vulnerable to Cross-site Scripting (XSS) in the Advanced File Search Filter

🗓️ 03 Apr 2024 18:31:42Reported by ConcreteCMSType

Concrete CMS versions vulnerable to Cross-site Scripting (XSS) in Advanced File Search Filter due to insufficient validation of administrator provided dat

Reporter	Title	Published	Views	Family All 9
CNNVD	Concrete CMS 安全漏洞	3 Apr 202400:00	–	cnnvd
CVE	CVE-2024-3178	3 Apr 202418:31	–	cve
EUVD	EUVD-2024-1340	3 Oct 202520:07	–	euvd
Github Security Blog	Concrete CMS Cross-site Scripting (XSS) in the Advanced File Search Filter	3 Apr 202421:31	–	github
NVD	CVE-2024-3178	3 Apr 202419:15	–	nvd
OSV	GHSA-XWRH-QXMC-X8C8 Concrete CMS Cross-site Scripting (XSS) in the Advanced File Search Filter	3 Apr 202421:31	–	osv
Positive Technologies	PT-2024-24203 · Unknown · Concrete Cms	3 Apr 202400:00	–	ptsecurity
Veracode	Cross Site Scripting	4 Apr 202405:23	–	veracode
Vulnrichment	CVE-2024-3178 Concrete CMS versions 9 below 9.2.8 and versions below 8.5.16 are vulnerable to Cross-site Scripting (XSS) in the Advanced File Search Filter	3 Apr 202418:31	–	vulnrichment

[
  {
    "defaultStatus": "unaffected",
    "product": "Concrete CMS",
    "repo": "https://github.com/concretecms/concretecms",
    "vendor": "Concrete CMS",
    "versions": [
      {
        "lessThan": "9.2.8",
        "status": "affected",
        "version": "9.0.0",
        "versionType": "git"
      },
      {
        "lessThan": "8.5.16",
        "status": "affected",
        "version": "5.0.0",
        "versionType": "git"
      }
    ]
  }
]

Source	Link
documentation	www.documentation.concretecms.org/9-x/developers/introduction/version-history/928-release-notes
documentation	www.documentation.concretecms.org/developers/introduction/version-history/8516-release-notes

30 Aug 2024 21:19Current

4Medium risk

Vulners AI Score4

CVSS 3.13.1

EPSS0.00359

CWE-79