Lucene search

GitHub Advisory DatabaseGHSA-Q25H-JCH8-GFRP

HistoryFeb 09, 2024 - 9:30 p.m.

Concrete CMS vulnerable to stored XSS via the Role Name field

2024-02-0921:30:57

CWE-20

CWE-79

GitHub Advisory Database

github.com

concrete cms

stored xss

role name

version 9.2.5

insufficient validation

administrator

malicious code

security vulnerability

4.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

6.1 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

14.0%

JSON

Concrete CMS version 9 before 9.2.5 is vulnerable to stored XSS via the Role Name field since there is insufficient validation of administrator provided data for that field. A rogue administrator could inject malicious code into the Role Name field which might be executed when users visit the affected page. The Concrete CMS Security team scored this 2 with CVSS v3 vector AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator . Concrete versions below 9 do not include group types so they are not affected by this vulnerability.

Affected configurations

Vulners

Node

concrete5concrete5Range<9.2.5

CPENameOperatorVersion
concrete5/concrete5lt9.2.5

CPE	Name	Operator	Version
	concrete5/concrete5	lt	9.2.5

References

documentation.concretecms.org/9-x/developers/introduction/version-history/925-release-notes

github.com/advisories/GHSA-q25h-jch8-gfrp

github.com/concretecms/concretecms/commit/59a07472ad6349a2c5fb455837a54ed1fe3f6953

nvd.nist.gov/vuln/detail/CVE-2024-1247

www.concretecms.org/about/project-news/security/2024-02-04-security-advisory