CVE-2024-3180 Concrete CMS version 9 below 9.2.8 and previous versions below 8.5.16 is vulnerable to Stored XSS in blocks of type file

2024-04-0319:00:02

CWE-79

ConcreteCMS

www.cve.org

concrete cms

stored xss

file blocks

security vulnerability

cvss

CVSS3

3.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L

AI Score

3.9

Confidence

High

EPSS

Percentile

9.0%

JSON

Concrete CMS version 9 below 9.2.8 and previous versions below 8.5.16 is vulnerable to Stored XSS in blocks of type file. Stored XSS could be caused by a rogue administrator adding malicious code to the link-text field when creating a block of type file. The Concrete CMS security team gave this vulnerability a CVSS v3.1 score of 3.1 with a vector of AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator . Thanks Alexey Solovyev for reporting.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Concrete CMS",
    "repo": "https://github.com/concretecms/concretecms",
    "vendor": "Concrete CMS",
    "versions": [
      {
        "lessThan": "9.2.8",
        "status": "affected",
        "version": "9.0.0",
        "versionType": "git"
      },
      {
        "lessThan": "8.5.16",
        "status": "affected",
        "version": "5.0.0",
        "versionType": "git"
      }
    ]
  }
]

References

documentation.concretecms.org/9-x/developers/introduction/version-history/928-release-notes?_gl=1*1bcxp5s*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY2ODEuMC4wLjA.

documentation.concretecms.org/developers/introduction/version-history/8516-release-notes?_gl=1*1oa3zn1*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY3MDcuMC4wLjA.