Lucene search
PRIOn knowledge basePRION:CVE-2024-2179HistoryMar 05, 2024 - 9:15 p.m.
Input validation
2024-03-0521:15:00
PRIOn knowledge base
www.prio-n.com
2
concrete cms
vulnerability
stored xss
group name field
input validation
security advisory
Concrete CMS version 9 before 9.2.7 is vulnerable to Stored XSS via the Name field of a Group type since there is insufficient validation of administrator provided data for that field. A rogue administrator could inject malicious code into the Name field which might be executed when users visit the affected page. The Concrete CMS security team gave this vulnerability a CVSS v3.1 score of 2.2 with a vector of AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N Concrete versions below 9 do not include group types so they are not affected by this vulnerability. Thanks Luca Fuda for reporting.
Related
cve
cve
CVE-2024-2179
2024-03-05 21:15:09
osv
osv
Concrete CMS Stored Cross-site Scripting vulnerability
2024-03-05 21:30:25
cvelist
cvelist
veracode
veracode
Cross Site Scripting
2024-03-06 06:10:27
github
github
Concrete CMS Stored Cross-site Scripting vulnerability
2024-03-05 21:30:25
nvd
nvd
CVE-2024-2179
2024-03-05 21:15:09