OSV:CVE-2024-8291
History: Sep 25, 2024 - 1:15 a.m.

CVE-2024-8291

2024-09-25 01:15:46
Google
osv.dev
concrete cms
vulnerability
stored xss
versions 9.0.0 to 9.3.3
versions below 8.5.19

CVSS3

4.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

CVSS4

2.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:L/SC:N/VI:N/SI:N/VA:N/SA:N

AI Score

5.9

Confidence

High

EPSS

0.001

Percentile

21.3%

Concrete CMS versions 9.0.0 to 9.3.3 and below 8.5.19 are vulnerable to Stored XSS in Image Editor Background Color. A rogue admin could add malicious code to the Thumbnails/Add-Type. The Concrete CMS Security Team gave this a CVSS v4 score of 2.1 with vector CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N Thanks, Alexey Solovyev for reporting.
