CVE-2024-3801 XSS in S@M CMS

2024-06-2812:44:38

CWE-79

CERT-PL

www.cve.org

cve-2024-3801

s@m cms

reflected xss

0.0004 Low

EPSS

Percentile

9.1%

JSON

Sites managed in S@M CMS (Concept Intermedia) might be vulnerable to Reflected XSS via including scripts in one of GET header parameters.
Only a part of observed services is vulnerable, but since vendor has not investigated the root problem, it is hard to determine when the issue appears.

CNA Affected

[
  {
    "defaultStatus": "unknown",
    "product": "S@M CMS",
    "vendor": "Concept Intermedia",
    "versions": [
      {
        "lessThanOrEqual": "3.3",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  }
]

References

cert.pl/en/posts/2024/06/CVE-2024-3800

cert.pl/posts/2024/06/CVE-2024-3800

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for CVELIST:CVE-2024-3801