Lucene search

Concrete CMS vulnerable to stored XSS via the Role Name field

🗓️ 09 Feb 2024 21:57:30Reported by GoogleType

osv🔗 osv.dev👁 10 Views

Concrete CMS 9.2.5 Vulnerable to Stored XS

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 8
Cvelist	CVE-2024-1247 Concrete CMS version 9 before 9.2.5 vulnerable to stored XSS via the Role Name field	9 Feb 202418:58	–	cvelist
Vulnrichment	CVE-2024-1247 Concrete CMS version 9 before 9.2.5 vulnerable to stored XSS via the Role Name field	9 Feb 202418:58	–	vulnrichment
Prion	Input validation	9 Feb 202419:15	–	prion
CVE	CVE-2024-1247	9 Feb 202419:15	–	cve
NVD	CVE-2024-1247	9 Feb 202419:15	–	nvd
Veracode	Cross Site Scripting (XSS)	12 Feb 202407:19	–	veracode
Github Security Blog	Concrete CMS vulnerable to stored XSS via the Role Name field	9 Feb 202421:30	–	github
GithubExploit	Exploit for Cross-site Scripting in Concretecms Concrete Cms	15 Jan 202511:13	–	githubexploit

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2024-1247
github	www.github.com/concretecms/concretecms/commit/59a07472ad6349a2c5fb455837a54ed1fe3f6953
documentation	www.documentation.concretecms.org/9-x/developers/introduction/version-history/925-release-notes
github	www.github.com/concretecms/concretecms
concretecms	www.concretecms.org/about/project-news/security/2024-02-04-security-advisory

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

09 Feb 2024 21:30Current

6Medium risk

Vulners AI Score6

CVSS32 - 4.8

EPSS0.04831

SSVC