CVE-2024-3180

Concrete CMS version 9 below 9.2.8 and previous versions below 8.5.16 is vulnerable to Stored XSS in blocks of type file

Severity Score

3.1

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

Concrete CMS version 9 below 9.2.8 and previous versions below 8.5.16 is vulnerable to Stored XSS in blocks of type file. Prior to fix, stored XSS could be caused by a rogue administrator adding malicious code to the link-text field when creating a block of type file. The Concrete CMS security team gave this vulnerability a CVSS v3.1 score of 3.1 with a vector of AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator . Thanks Alexey Solovyev for reporting.

La versión 9 de Concrete CMS inferior a 9.2.8 y las versiones anteriores inferiores a 8.5.16 son vulnerables a XSS almacenado en bloques de tipo archivo. Antes de la solución, el XSS almacenado podría deberse a que un administrador deshonesto agregaba código malicioso al campo de texto del enlace al crear un bloque de tipo archivo. El equipo de seguridad de Concrete CMS le dio a esta vulnerabilidad una puntuación CVSS v3.1 de 3.1 con un vector de AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A: L https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator. Gracias Alexey Solovyev por informar.

Concrete CMS version 9 below 9.2.8 and previous versions below 8.5.16 is vulnerable to Stored XSS in blocks of type file. Stored XSS could be caused by a rogue administrator adding malicious code to the link-text field when creating a block of type file. The Concrete CMS security team gave this vulnerability a CVSS v3.1 score of 3.1 with a vector of AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator . Thanks Alexey Solovyev for reporting.

*Credits: Alexey Solovyev

CVSS Scores

ConcreteCMSv3.1 3.1

Attack Vector

Network

Attack Complexity

High

Privileges Required

High

User Interaction

Required

Scope

Unchanged

Confidentiality

None

Integrity

Low

Availability

Low

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-04-02 CVE Reserved
2024-04-03 CVE Published
2024-04-04 EPSS Updated
2024-08-30 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-20: Improper Input Validation
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CAPEC

CAPEC-592: Stored XSS

References (2)

URL	Tag	Source
https://documentation.concretecms.org/9-x/developers/introduction/version-history/928-release-notes?_gl=11bcxp5s_gaMTc1NDc0Njk2Mi4xNzA2ODI4MDU1_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY2ODEuMC4wLjA.
https://documentation.concretecms.org/developers/introduction/version-history/8516-release-notes?_gl=11oa3zn1_gaMTc1NDc0Njk2Mi4xNzA2ODI4MDU1_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY3MDcuMC4wLjA.

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Concrete CMS Search vendor "Concrete CMS"		Concrete CMS Search vendor "Concrete CMS" for product "Concrete CMS"				>= 9.0.0 < 9.2.8 Search vendor "Concrete CMS" for product "Concrete CMS" and version " >= 9.0.0 < 9.2.8"		en		Affected
Concrete CMS Search vendor "Concrete CMS"		Concrete CMS Search vendor "Concrete CMS" for product "Concrete CMS"				>= 5.0.0 < 8.5.16 Search vendor "Concrete CMS" for product "Concrete CMS" and version " >= 5.0.0 < 8.5.16"		en		Affected