Search criteria
309 vulnerabilities found for concrete_cms by concretecms
FKIE_CVE-2025-8573
Vulnerability from fkie_nvd - Published: 2025-08-05 23:15 - Updated: 2025-09-04 15:54
Severity ?
Summary
Concrete CMS versions 9 through 9.4.2 are vulnerable to Stored XSS from Home Folder on Members Dashboard page. Version 8 was not affected. A rogue admin could set up a malicious folder containing XSS to which users could be directed upon login. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 2.0 with vector CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N. Thanks sealldev (Noah Cooper) for reporting via HackerOne.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| concretecms | concrete_cms | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:concretecms:concrete_cms:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C19307FC-CE44-49FB-AF45-748240634883",
"versionEndExcluding": "9.4.3",
"versionStartIncluding": "9.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Concrete CMS versions 9 through 9.4.2 are vulnerable to Stored XSS from Home Folder on Members Dashboard page.\u00a0 Version 8 was not affected.\u00a0A rogue admin could set up a malicious folder containing XSS to which users could be directed upon login.\u00a0The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 2.0 with vector CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N.\u00a0Thanks sealldev\u00a0\u00a0(Noah Cooper) for reporting via HackerOne."
},
{
"lang": "es",
"value": "Las versiones 9 a 9.4.2 de Concrete CMS son vulnerables a XSS almacenado desde la carpeta de inicio en la p\u00e1gina del Panel de Miembros. La versi\u00f3n 8 no se vio afectada. Un administrador malicioso podr\u00eda crear una carpeta maliciosa con XSS a la que se redirigir\u00eda a los usuarios al iniciar sesi\u00f3n. El equipo de seguridad de Concrete CMS otorg\u00f3 a esta vulnerabilidad una puntuaci\u00f3n de 2.0 en CVSS v.4.0 con el vector CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N. Gracias a sealldev por informar a trav\u00e9s de HackerOne."
}
],
"id": "CVE-2025-8573",
"lastModified": "2025-09-04T15:54:04.350",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 2.0,
"baseSeverity": "LOW",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "ff5b8ace-8b95-4078-9743-eac1ca5451de",
"type": "Secondary"
}
]
},
"published": "2025-08-05T23:15:39.190",
"references": [
{
"source": "ff5b8ace-8b95-4078-9743-eac1ca5451de",
"tags": [
"Release Notes"
],
"url": "https://documentation.concretecms.org/9-x/developers/introduction/version-history/943-release-notes"
},
{
"source": "ff5b8ace-8b95-4078-9743-eac1ca5451de",
"tags": [
"Product"
],
"url": "https://www.concretecms.org/download"
}
],
"sourceIdentifier": "ff5b8ace-8b95-4078-9743-eac1ca5451de",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "ff5b8ace-8b95-4078-9743-eac1ca5451de",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2025-8571
Vulnerability from fkie_nvd - Published: 2025-08-05 23:15 - Updated: 2025-09-04 15:54
Severity ?
Summary
Concrete CMS 9 to 9.4.2 and versions below 8.5.21 are vulnerable to Reflected Cross-Site Scripting (XSS) in the Conversation Messages Dashboard Page. Unsanitized input could cause theft of session cookies or tokens, defacement of web content, redirection to malicious sites, and (if victim is an admin), the execution of unauthorized actions. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 4.8 with vector CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N. Thanks Fortbridge https://fortbridge.co.uk/ for performing a penetration test and vulnerability assessment on Concrete CMS and reporting this issue.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| concretecms | concrete_cms | * | |
| concretecms | concrete_cms | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:concretecms:concrete_cms:*:*:*:*:*:*:*:*",
"matchCriteriaId": "414E2949-3A12-45EB-8B1B-5BA3CF318CAB",
"versionEndExcluding": "8.5.21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:concretecms:concrete_cms:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C19307FC-CE44-49FB-AF45-748240634883",
"versionEndExcluding": "9.4.3",
"versionStartIncluding": "9.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Concrete CMS 9 to 9.4.2 and versions below 8.5.21 are vulnerable to Reflected Cross-Site Scripting (XSS) in the Conversation Messages Dashboard Page.\u00a0Unsanitized input could cause theft of session cookies or tokens, defacement of web content, redirection to malicious sites, and (if victim is an admin), the execution of unauthorized actions.\u00a0The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 4.8 with vector CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N.\u00a0Thanks Fortbridge https://fortbridge.co.uk/ \u00a0for performing a penetration test and vulnerability assessment on Concrete CMS and reporting this issue."
},
{
"lang": "es",
"value": "Concrete CMS 9 a 9.4.2 y versiones anteriores a la 8.5.21 son vulnerables a ataques de Cross-Site Scripting (XSS) reflejado en la p\u00e1gina del panel de mensajes de conversaci\u00f3n. La entrada no depurada podr\u00eda provocar el robo de cookies o tokens de sesi\u00f3n, la desfiguraci\u00f3n del contenido web, la redirecci\u00f3n a sitios maliciosos y (si la v\u00edctima es administrador), la ejecuci\u00f3n de acciones no autorizadas. El equipo de seguridad de Concrete CMS otorg\u00f3 a esta vulnerabilidad una puntuaci\u00f3n de 4.8 en CVSS v.4.0 con el vector CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N. Gracias a Fortbridge (https://fortbridge.co.uk/) por realizar una prueba de penetraci\u00f3n y una evaluaci\u00f3n de vulnerabilidades en Concrete CMS e informar de este problema."
}
],
"id": "CVE-2025-8571",
"lastModified": "2025-09-04T15:54:06.360",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "ff5b8ace-8b95-4078-9743-eac1ca5451de",
"type": "Secondary"
}
]
},
"published": "2025-08-05T23:15:38.493",
"references": [
{
"source": "ff5b8ace-8b95-4078-9743-eac1ca5451de",
"tags": [
"Release Notes"
],
"url": "https://documentation.concretecms.org/9-x/developers/introduction/version-history/943-release-notes"
},
{
"source": "ff5b8ace-8b95-4078-9743-eac1ca5451de",
"tags": [
"Release Notes"
],
"url": "https://documentation.concretecms.org/developers/introduction/version-history/8521-release-notes"
},
{
"source": "ff5b8ace-8b95-4078-9743-eac1ca5451de",
"tags": [
"Product"
],
"url": "https://www.concretecms.org/download"
}
],
"sourceIdentifier": "ff5b8ace-8b95-4078-9743-eac1ca5451de",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "ff5b8ace-8b95-4078-9743-eac1ca5451de",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2025-3153
Vulnerability from fkie_nvd - Published: 2025-04-03 02:15 - Updated: 2025-09-04 15:54
Severity ?
Summary
Concrete CMS version 9 below 9.4.0RC2 and versions below 8.5.20 are vulnerable to CSRF and XSS in the Concrete CMS Address attribute because addresses are not properly sanitized in the output when a country is not specified. Attackers are limited to individuals whom a site administrator has granted the ability to fill in an address attribute. It is possible for the attacker to glean limited information from the site but amount and type is restricted by mitigating controls and the level of access of the attacker. Limited data modification is possible. The dashboard page itself could be rendered unavailable.
The fix only sanitizes new data uploaded post update to Concrete CMS 9.4.0RC2. Existing database entries added before the update will still be “live” if there were successful exploits added under previous versions; a database search is recommended. The Concrete CMS security team gave this vulnerability CVSS v.4.0 score of 5.1 with vector CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L Thanks Myq Larson for reporting.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| concretecms | concrete_cms | * | |
| concretecms | concrete_cms | * | |
| concretecms | concrete_cms | 9.4.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:concretecms:concrete_cms:*:*:*:*:*:*:*:*",
"matchCriteriaId": "48A46B07-7808-46B3-8239-5DB5C8EA300A",
"versionEndExcluding": "8.5.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:concretecms:concrete_cms:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D14920EA-2BF7-4833-89BE-F761AD3CFF56",
"versionEndExcluding": "9.4.0",
"versionStartIncluding": "9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:concretecms:concrete_cms:9.4.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "121AF91E-BABE-45ED-A5E4-847D147E283D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Concrete CMS version 9 below 9.4.0RC2 and versions below 8.5.20 are vulnerable to CSRF and XSS in the Concrete CMS Address attribute because addresses are not properly sanitized in the output when a country is not specified.\u00a0 Attackers are limited to individuals whom a site administrator has granted the ability to fill in an address attribute. It is possible for the attacker to glean limited information from the site but amount and type is restricted by mitigating controls and the level of access of the attacker. Limited data modification is possible. The dashboard page itself could be rendered unavailable. \nThe fix only sanitizes new data uploaded post update to Concrete CMS 9.4.0RC2. Existing database entries added before the update will still be \u201clive\u201d if there were successful exploits added under previous versions; a database search is recommended. The Concrete CMS security team gave this vulnerability CVSS v.4.0 score of 5.1 with vector CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L\u00a0Thanks Myq Larson for reporting."
},
{
"lang": "es",
"value": "Las versiones 9 y anteriores a la 9.4.0RC2 de Concrete CMS y las versiones anteriores a la 8.5.20 son vulnerables a CSRF y XSS en el atributo de direcci\u00f3n de Concrete CMS, ya que las direcciones no se depuran correctamente en la salida cuando no se especifica un pa\u00eds. Los atacantes se limitan a las personas a las que el administrador del sitio les ha otorgado la capacidad de completar un atributo de direcci\u00f3n. El atacante puede obtener informaci\u00f3n limitada del sitio, pero la cantidad y el tipo est\u00e1n restringidos por los controles de mitigaci\u00f3n y el nivel de acceso del atacante. La modificaci\u00f3n de datos es limitada. La p\u00e1gina del panel de control podr\u00eda quedar indisponible. Esta correcci\u00f3n solo depura los nuevos datos subidos despu\u00e9s de la actualizaci\u00f3n a Concrete CMS 9.4.0RC2. Las entradas de la base de datos existentes agregadas antes de la actualizaci\u00f3n seguir\u00e1n activas si se agregaron exploits exitosos en versiones anteriores; se recomienda una b\u00fasqueda en la base de datos. El equipo de seguridad de Concrete CMS le otorg\u00f3 a esta vulnerabilidad un puntaje CVSS v.4.0 de 5,1 con el vector CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L Gracias Myq Larson por informar."
}
],
"id": "CVE-2025-3153",
"lastModified": "2025-09-04T15:54:07.917",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 3.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "ff5b8ace-8b95-4078-9743-eac1ca5451de",
"type": "Secondary"
}
]
},
"published": "2025-04-03T02:15:20.733",
"references": [
{
"source": "ff5b8ace-8b95-4078-9743-eac1ca5451de",
"tags": [
"Release Notes"
],
"url": "https://documentation.concretecms.org/9-x/developers/introduction/version-history/940-release-notes"
},
{
"source": "ff5b8ace-8b95-4078-9743-eac1ca5451de",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://github.com/concretecms/concretecms/pull/12511"
},
{
"source": "ff5b8ace-8b95-4078-9743-eac1ca5451de",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://github.com/concretecms/concretecms/pull/12512"
},
{
"source": "ff5b8ace-8b95-4078-9743-eac1ca5451de",
"tags": [
"Release Notes"
],
"url": "https://github.com/concretecms/concretecms/releases/tag/8.5.20"
}
],
"sourceIdentifier": "ff5b8ace-8b95-4078-9743-eac1ca5451de",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
},
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "ff5b8ace-8b95-4078-9743-eac1ca5451de",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-0660
Vulnerability from fkie_nvd - Published: 2025-03-10 21:15 - Updated: 2025-09-04 15:54
Severity ?
Summary
Concrete CMS versions 9.0.0 through 9.3.9 are affected by a stored XSS in Folder Function.The "Add Folder" functionality lacks input sanitization, allowing a rogue admin to inject XSS payloads as folder names. The Concrete CMS security team gave this vulnerability a CVSS 4.0 Score of 4.8 with vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N. Versions below 9 are not affected. Thanks, Alfin Joseph for reporting.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| concretecms | concrete_cms | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:concretecms:concrete_cms:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D14920EA-2BF7-4833-89BE-F761AD3CFF56",
"versionEndExcluding": "9.4.0",
"versionStartIncluding": "9.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Concrete CMS versions 9.0.0 through 9.3.9 are affected by a stored XSS in Folder Function.The \"Add Folder\" functionality lacks input sanitization, allowing a rogue admin to inject XSS payloads as folder names.\u00a0\u00a0The Concrete CMS security team gave this vulnerability a CVSS 4.0 Score of 4.8 with vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N. Versions below 9 are not affected. Thanks, Alfin Joseph\u00a0for reporting."
},
{
"lang": "es",
"value": "Las versiones 9.0.0 a 9.3.9 de Concrete CMS se ven afectadas por un XSS almacenado en la funci\u00f3n de carpeta. La funcionalidad \"Agregar carpeta\" carece de depuraci\u00f3n de entrada, lo que permite que un administrador malintencionado inyecte payloads XSS como nombres de carpeta. El equipo de seguridad de Concrete CMS le dio a esta vulnerabilidad una puntuaci\u00f3n CVSS 4.0 de 4.8 con el vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N. Las versiones anteriores a la 9 no se ven afectadas. Gracias, Alfin Joseph, por informar."
}
],
"id": "CVE-2025-0660",
"lastModified": "2025-09-04T15:54:11.520",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "ff5b8ace-8b95-4078-9743-eac1ca5451de",
"type": "Secondary"
}
]
},
"published": "2025-03-10T21:15:40.110",
"references": [
{
"source": "ff5b8ace-8b95-4078-9743-eac1ca5451de",
"tags": [
"Release Notes"
],
"url": "https://documentation.concretecms.org/9-x/developers/introduction/version-history/940-release-notes"
},
{
"source": "ff5b8ace-8b95-4078-9743-eac1ca5451de",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/concretecms/bedrock/pull/370"
},
{
"source": "ff5b8ace-8b95-4078-9743-eac1ca5451de",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://github.com/concretecms/concretecms/pull/12454"
}
],
"sourceIdentifier": "ff5b8ace-8b95-4078-9743-eac1ca5451de",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "ff5b8ace-8b95-4078-9743-eac1ca5451de",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2024-8291
Vulnerability from fkie_nvd - Published: 2024-09-25 01:15 - Updated: 2025-01-17 22:15
Severity ?
Summary
Concrete CMS versions 9.0.0 to 9.3.3 and below 8.5.19 are vulnerable to Stored XSS in Image Editor Background Color. A rogue admin could add malicious code to the Thumbnails/Add-Type. The Concrete CMS Security Team gave this a CVSS v4 score of 5.1 with vector https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N. Thanks, Alexey Solovyev for reporting. (CNA updated this risk rank on 17 Jan 2025 by lowering the AC based on CVSS 4.0 documentation that access privileges should not be considered for AC).
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| concretecms | concrete_cms | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:concretecms:concrete_cms:*:*:*:*:*:*:*:*",
"matchCriteriaId": "22477475-FE69-4804-B73E-B3F268F16FE7",
"versionEndExcluding": "9.3.3",
"versionStartIncluding": "9.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Concrete CMS versions 9.0.0 to 9.3.3 and below 8.5.19 are vulnerable to Stored XSS in Image Editor Background Color.\u00a0 A rogue admin could add malicious code to the Thumbnails/Add-Type. The Concrete CMS Security Team gave this a CVSS v4 score of 5.1 with vector https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N.\u00a0Thanks,\u00a0 Alexey Solovyev for reporting. (CNA updated this risk rank on 17 Jan 2025 by lowering the AC based on CVSS 4.0 documentation that access privileges should not be considered for AC)."
},
{
"lang": "es",
"value": "Las versiones 9.0.0 a 9.3.3 y anteriores a 8.5.19 de Concrete CMS son vulnerables a XSS almacenado en el color de fondo del editor de im\u00e1genes. Un administrador malintencionado podr\u00eda agregar c\u00f3digo malicioso a las miniaturas/tipo de adici\u00f3n. El equipo de seguridad de Concrete CMS le otorg\u00f3 a esto una puntuaci\u00f3n CVSS v4 de 2,1 con el vector CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N Gracias, Alexey Solovyev, por informarnos."
}
],
"id": "CVE-2024-8291",
"lastModified": "2025-01-17T22:15:29.107",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "ff5b8ace-8b95-4078-9743-eac1ca5451de",
"type": "Secondary"
}
]
},
"published": "2024-09-25T01:15:46.193",
"references": [
{
"source": "ff5b8ace-8b95-4078-9743-eac1ca5451de",
"tags": [
"Release Notes"
],
"url": "https://documentation.concretecms.org/9-x/developers/introduction/version-history/934-release-notes"
},
{
"source": "ff5b8ace-8b95-4078-9743-eac1ca5451de",
"tags": [
"Release Notes"
],
"url": "https://documentation.concretecms.org/developers/introduction/version-history/8519-release-notes"
},
{
"source": "ff5b8ace-8b95-4078-9743-eac1ca5451de",
"tags": [
"Patch"
],
"url": "https://github.com/concretecms/concretecms/commit/dbce253166f6b10ff3e0c09e50fd395370b8b065"
},
{
"source": "ff5b8ace-8b95-4078-9743-eac1ca5451de",
"tags": [
"Patch"
],
"url": "https://github.com/concretecms/concretecms/pull/12183"
}
],
"sourceIdentifier": "ff5b8ace-8b95-4078-9743-eac1ca5451de",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "ff5b8ace-8b95-4078-9743-eac1ca5451de",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2024-7398
Vulnerability from fkie_nvd - Published: 2024-09-25 01:15 - Updated: 2025-01-21 00:15
Severity ?
Summary
Concrete CMS versions 9 through 9.3.3 and versions below 8.5.19 are vulnerable to stored XSS in the calendar event addition feature because the calendar event name was not sanitized on output. Users or groups with permission to create event calendars can embed scripts, and users or groups with permission to modify event calendars can execute scripts. The Concrete CMS Security Team gave this vulnerability a CVSS v4 score of 4.6 with vector CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N Thank you, Yusuke Uchida for reporting. CNA updated this risk rank on 20 Jan 2025 by lowering the AC based on CVSS 4.0 documentation that access privileges should not be considered for AC)
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| concretecms | concrete_cms | * | |
| concretecms | concrete_cms | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:concretecms:concrete_cms:*:*:*:*:*:*:*:*",
"matchCriteriaId": "769A8B9B-EB8B-436C-AF90-98527AEB0128",
"versionEndExcluding": "8.5.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:concretecms:concrete_cms:*:*:*:*:*:*:*:*",
"matchCriteriaId": "22477475-FE69-4804-B73E-B3F268F16FE7",
"versionEndExcluding": "9.3.3",
"versionStartIncluding": "9.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Concrete CMS versions 9 through 9.3.3 and versions below 8.5.19 are vulnerable to stored XSS in the calendar event addition feature because the calendar event name was not sanitized on output. Users or groups with permission to create event calendars can embed scripts, and users or groups with permission to modify event calendars can execute scripts. The Concrete CMS Security Team gave this vulnerability a CVSS v4 score of 4.6 with vector CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N Thank you, Yusuke Uchida for reporting.\u00a0CNA updated this risk rank on 20 Jan 2025 by lowering the AC based on CVSS 4.0 documentation that access privileges should not be considered for AC)"
},
{
"lang": "es",
"value": "Las versiones 9 a 9.3.3 de Concrete CMS y las versiones anteriores a 8.5.19 son vulnerables a XSS almacenado en la funci\u00f3n de adici\u00f3n de eventos del calendario porque el nombre del evento del calendario no se sane\u00f3 en la salida. Los usuarios o grupos con permiso para crear calendarios de eventos pueden incrustar scripts, y los usuarios o grupos con permiso para modificar calendarios de eventos pueden ejecutar scripts. El equipo de seguridad de Concrete CMS le dio a esta vulnerabilidad una puntuaci\u00f3n CVSS v4 de 1.8 con el vector CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N. Gracias, Yusuke Uchida, por informar."
}
],
"id": "CVE-2024-7398",
"lastModified": "2025-01-21T00:15:25.530",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "ff5b8ace-8b95-4078-9743-eac1ca5451de",
"type": "Secondary"
}
]
},
"published": "2024-09-25T01:15:45.403",
"references": [
{
"source": "ff5b8ace-8b95-4078-9743-eac1ca5451de",
"tags": [
"Release Notes"
],
"url": "https://documentation.concretecms.org/9-x/developers/introduction/version-history/934-release-notes"
},
{
"source": "ff5b8ace-8b95-4078-9743-eac1ca5451de",
"tags": [
"Release Notes"
],
"url": "https://documentation.concretecms.org/developers/introduction/version-history/8519-release-notes"
},
{
"source": "ff5b8ace-8b95-4078-9743-eac1ca5451de",
"tags": [
"Patch"
],
"url": "https://github.com/concretecms/concretecms/commit/7c8ed0d1d9db0d7f6df7fa066e0858ea618451a5"
},
{
"source": "ff5b8ace-8b95-4078-9743-eac1ca5451de",
"tags": [
"Patch"
],
"url": "https://github.com/concretecms/concretecms/pull/12183"
},
{
"source": "ff5b8ace-8b95-4078-9743-eac1ca5451de",
"tags": [
"Patch"
],
"url": "https://github.com/concretecms/concretecms/pull/12184"
}
],
"sourceIdentifier": "ff5b8ace-8b95-4078-9743-eac1ca5451de",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "ff5b8ace-8b95-4078-9743-eac1ca5451de",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2024-8660
Vulnerability from fkie_nvd - Published: 2024-09-17 19:15 - Updated: 2024-09-23 23:00
Severity ?
Summary
Concrete CMS versions 9.0.0 through 9.3.3 are affected by a
stored XSS vulnerability in the "Top Navigator Bar" block.
Since the "Top Navigator Bar" output was not sufficiently sanitized, a rogue administrator could add a malicious payload that could be executed when targeted users visited the home page.The Concrete CMS Security Team gave this vulnerability a CVSS v4 score of 4.6
with vector CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N . This
does not affect versions below 9.0.0 since they do not have the Top
Navigator Bar Block. Thanks, Chu Quoc Khanh for reporting.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| concretecms | concrete_cms | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:concretecms:concrete_cms:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CFC31A92-D0E7-470F-9241-E416ECB32A97",
"versionEndExcluding": "9.3.4",
"versionStartIncluding": "9.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Concrete CMS versions 9.0.0 through 9.3.3 are affected by a\nstored XSS vulnerability in the \"Top Navigator Bar\" block.\nSince the \"Top Navigator Bar\" output was not sufficiently sanitized, a rogue administrator could add a malicious payload that could be executed when targeted users visited the home page.The Concrete CMS Security Team gave this vulnerability a CVSS v4 score of 4.6\nwith vector CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N . This\ndoes not affect versions below 9.0.0 since they do not have the Top\nNavigator Bar Block. Thanks, Chu Quoc Khanh for reporting."
},
{
"lang": "es",
"value": "Las versiones 9.0.0 a 9.3.3 de Concrete CMS se ven afectadas por una vulnerabilidad XSS almacenado en el bloque \"Barra de navegaci\u00f3n superior\". Dado que la salida de la \"Barra de navegaci\u00f3n superior\" no se desinfect\u00f3 lo suficiente, un administrador malintencionado podr\u00eda agregar una carga maliciosa que podr\u00eda ejecutarse cuando los usuarios objetivo visitaran la p\u00e1gina de inicio. El equipo de seguridad de Concrete CMS le dio a esta vulnerabilidad una puntuaci\u00f3n CVSS v4 de 4,6 con el vector CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N . Esto no afecta a las versiones anteriores a la 9.0.0, ya que no tienen el bloque de la barra de navegaci\u00f3n superior. Gracias, Chu Quoc Khanh, por informarnos."
}
],
"id": "CVE-2024-8660",
"lastModified": "2024-09-23T23:00:00.437",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "ff5b8ace-8b95-4078-9743-eac1ca5451de",
"type": "Secondary"
}
]
},
"published": "2024-09-17T19:15:28.953",
"references": [
{
"source": "ff5b8ace-8b95-4078-9743-eac1ca5451de",
"tags": [
"Release Notes"
],
"url": "https://documentation.concretecms.org/9-x/developers/introduction/version-history/934-release-notes"
},
{
"source": "ff5b8ace-8b95-4078-9743-eac1ca5451de",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://github.com/concretecms/concretecms/pull/12128"
}
],
"sourceIdentifier": "ff5b8ace-8b95-4078-9743-eac1ca5451de",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "ff5b8ace-8b95-4078-9743-eac1ca5451de",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2024-8661
Vulnerability from fkie_nvd - Published: 2024-09-16 18:15 - Updated: 2024-12-16 19:08
Severity ?
Summary
Concrete CMS versions 9.0.0 to 9.3.3 and below 8.5.19 are vulnerable to Stored XSS in the "Next&Previous Nav" block. A rogue administrator could add a malicious payload by executing it in the browsers of targeted users. The Concrete CMS Security Team gave this vulnerability a CVSS v4 score of 4.6 with vector CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N Since the "Next&Previous Nav" block output was not sufficiently sanitized, the malicious payload could be executed in the browsers of targeted users. Thanks, Chu Quoc Khanh for reporting.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| concretecms | concrete_cms | * | |
| concretecms | concrete_cms | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:concretecms:concrete_cms:*:*:*:*:*:*:*:*",
"matchCriteriaId": "769A8B9B-EB8B-436C-AF90-98527AEB0128",
"versionEndExcluding": "8.5.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:concretecms:concrete_cms:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0539836E-CF70-4B8E-9BE5-B8F0240B8EDB",
"versionEndExcluding": "9.3.4",
"versionStartIncluding": "9.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Concrete CMS versions 9.0.0 to 9.3.3 and below 8.5.19 are vulnerable to Stored XSS in the \"Next\u0026Previous Nav\" block. A rogue administrator could add a malicious payload by executing it in the browsers of targeted users. The Concrete CMS Security Team gave this vulnerability a CVSS v4 score of 4.6 with vector CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N \u00a0Since the \"Next\u0026Previous Nav\" block output was not sufficiently sanitized, the malicious payload could be executed in the browsers of targeted users.\u00a0Thanks, Chu Quoc Khanh for reporting."
},
{
"lang": "es",
"value": "Las versiones 9.0.0 a 9.3.4 y anteriores a 8.5.18 de Concrete CMS son vulnerables a XSS almacenado en el bloque \"Navegaci\u00f3n anterior y siguiente\". Un administrador malintencionado podr\u00eda agregar una carga maliciosa ejecut\u00e1ndola en los navegadores de los usuarios afectados. El equipo de seguridad de Concrete CMS le otorg\u00f3 a esta vulnerabilidad una puntuaci\u00f3n CVSS v4 de 4,6 con el vector CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N Dado que la salida del bloque \"Next\u0026amp;Previous Nav\" no se desinfect\u00f3 lo suficiente, la carga maliciosa podr\u00eda ejecutarse en los navegadores de los usuarios afectados. Gracias, Chu Quoc Khanh, por informar."
}
],
"id": "CVE-2024-8661",
"lastModified": "2024-12-16T19:08:45.253",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "ff5b8ace-8b95-4078-9743-eac1ca5451de",
"type": "Secondary"
}
]
},
"published": "2024-09-16T18:15:54.583",
"references": [
{
"source": "ff5b8ace-8b95-4078-9743-eac1ca5451de",
"tags": [
"Release Notes"
],
"url": "https://documentation.concretecms.org/9-x/developers/introduction/version-history/934-release-notes"
},
{
"source": "ff5b8ace-8b95-4078-9743-eac1ca5451de",
"tags": [
"Release Notes"
],
"url": "https://documentation.concretecms.org/developers/introduction/version-history/8519-release-notes"
},
{
"source": "ff5b8ace-8b95-4078-9743-eac1ca5451de",
"tags": [
"Patch"
],
"url": "https://github.com/concretecms/concretecms/commit/ce5ee2ab83fe8de6fa012dd51c5a1dde05cb0dc4"
},
{
"source": "ff5b8ace-8b95-4078-9743-eac1ca5451de",
"tags": [
"Patch"
],
"url": "https://github.com/concretecms/concretecms/pull/12204"
}
],
"sourceIdentifier": "ff5b8ace-8b95-4078-9743-eac1ca5451de",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "ff5b8ace-8b95-4078-9743-eac1ca5451de",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2024-7512
Vulnerability from fkie_nvd - Published: 2024-08-12 13:38 - Updated: 2025-01-17 21:15
Severity ?
Summary
Concrete CMS versions 9.0.0 through 9.3.2 are affected by a stored XSS vulnerability in Board instances. A rogue administrator could inject malicious code. The Concrete CMS security team gave this vulnerability a CVSS 4.0 Score of 4.6 with vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N. Versions below 9 are not affected. Thanks, m3dium for reporting. (CNA updated AC score to L based on CVSS 4.0 documentation)
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| concretecms | concrete_cms | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:concretecms:concrete_cms:*:*:*:*:*:*:*:*",
"matchCriteriaId": "22477475-FE69-4804-B73E-B3F268F16FE7",
"versionEndExcluding": "9.3.3",
"versionStartIncluding": "9.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Concrete CMS versions 9.0.0 through 9.3.2 are affected by a stored XSS vulnerability in Board instances. A rogue administrator could inject malicious code. The Concrete CMS security team gave this vulnerability a CVSS 4.0 Score of 4.6 with vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N. Versions below 9 are not affected. Thanks, m3dium for reporting. (CNA updated AC score to L based on CVSS 4.0 documentation)"
},
{
"lang": "es",
"value": "Las versiones 9.0.0 a 9.3.2 de Concrete CMS se ven afectadas por una vulnerabilidad XSS almacenado en instancias de Board. Un administrador deshonesto podr\u00eda inyectar c\u00f3digo malicioso. El equipo de seguridad de Concrete CMS le dio a esta vulnerabilidad una puntuaci\u00f3n CVSS 4.0 de 1.8 con el vector: CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:A/VC:L/VI:N/VA :N/SC:N/SI:N/SA: N. Las versiones inferiores a 9 no se ven afectadas. Gracias, m3dium por informar."
}
],
"id": "CVE-2024-7512",
"lastModified": "2025-01-17T21:15:10.317",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "ff5b8ace-8b95-4078-9743-eac1ca5451de",
"type": "Secondary"
}
]
},
"published": "2024-08-12T13:38:43.590",
"references": [
{
"source": "ff5b8ace-8b95-4078-9743-eac1ca5451de",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://documentation.concretecms.org/9-x/developers/introduction/version-history/933-release-notes?pk_vid=e367a434ef4830491723055753d52041"
},
{
"source": "ff5b8ace-8b95-4078-9743-eac1ca5451de",
"tags": [
"Permissions Required"
],
"url": "https://hackerone.com/reports/2486344"
}
],
"sourceIdentifier": "ff5b8ace-8b95-4078-9743-eac1ca5451de",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "ff5b8ace-8b95-4078-9743-eac1ca5451de",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2024-4350
Vulnerability from fkie_nvd - Published: 2024-08-12 13:38 - Updated: 2025-09-25 19:15
Severity ?
Summary
Concrete CMS versions 9.0.0 to 9.3.2 and below 8.5.18 are vulnerable to Stored XSS in RSS Displayer when user input is stored and later embedded into responses. A rogue administrator could inject malicious code into fields due to insufficient input validation. The Concrete CMS security team gave this vulnerability a CVSS v4 score of 5.1 with vector https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N Thanks, m3dium for reporting. (CNA updated this risk rank on 17 Jan 2025 by lowering the AC based on CVSS 4.0 documentation that access privileges should not be considered for AC)
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| concretecms | concrete_cms | * | |
| concretecms | concrete_cms | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:concretecms:concrete_cms:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4066C924-46C2-48F4-AA67-2664B6AC24FE",
"versionEndExcluding": "8.5.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:concretecms:concrete_cms:*:*:*:*:*:*:*:*",
"matchCriteriaId": "22477475-FE69-4804-B73E-B3F268F16FE7",
"versionEndExcluding": "9.3.3",
"versionStartIncluding": "9.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Concrete CMS versions 9.0.0 to 9.3.2 and below 8.5.18 are vulnerable to Stored XSS in RSS Displayer when user input is stored and later embedded into responses. A rogue administrator could inject malicious code into fields due to insufficient input validation. The Concrete CMS security team gave this vulnerability a CVSS v4 score of 5.1 with vector https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N\u00a0Thanks, m3dium for\u00a0reporting. (CNA updated this risk rank on 17 Jan 2025 by lowering the AC based on CVSS 4.0 documentation that access privileges should not be considered for AC)"
},
{
"lang": "es",
"value": "Las versiones de Concrete CMS 9.0.0 a 9.3.2 y anteriores a 8.5.18 son vulnerables a XSS Almacenado en RSS Displayer cuando la entrada del usuario se almacena y luego se integra en las respuestas. Un administrador deshonesto podr\u00eda inyectar c\u00f3digo malicioso en los campos debido a una validaci\u00f3n de entrada insuficiente. El equipo de seguridad de Concrete CMS le dio a esta vulnerabilidad una puntuaci\u00f3n CVSS v3.1 de 3.0 con un vector de AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:N/A: N https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator y una puntuaci\u00f3n CVSS v4 de 2,1 con el vector CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI :N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/ AC:H/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N Gracias, m3dium por informar."
}
],
"id": "CVE-2024-4350",
"lastModified": "2025-09-25T19:15:41.670",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "ff5b8ace-8b95-4078-9743-eac1ca5451de",
"type": "Secondary"
}
]
},
"published": "2024-08-12T13:38:36.460",
"references": [
{
"source": "ff5b8ace-8b95-4078-9743-eac1ca5451de",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://documentation.concretecms.org/9-x/developers/introduction/version-history/933-release-notes?pk_vid=e367a434ef4830491723060415d52041"
},
{
"source": "ff5b8ace-8b95-4078-9743-eac1ca5451de",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://documentation.concretecms.org/developers/introduction/version-history/8518-release-notes?pk_vid=e367a434ef4830491723055758d52041"
},
{
"source": "ff5b8ace-8b95-4078-9743-eac1ca5451de",
"tags": [
"Patch"
],
"url": "https://github.com/concretecms/concretecms/commit/c08d9671cec4e7afdabb547339c4bc0bed8eab06"
},
{
"source": "ff5b8ace-8b95-4078-9743-eac1ca5451de",
"tags": [
"Patch"
],
"url": "https://github.com/concretecms/concretecms/pull/12166"
}
],
"sourceIdentifier": "ff5b8ace-8b95-4078-9743-eac1ca5451de",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "ff5b8ace-8b95-4078-9743-eac1ca5451de",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2025-8571 (GCVE-0-2025-8571)
Vulnerability from cvelistv5 – Published: 2025-08-05 22:37 – Updated: 2025-08-06 20:25
VLAI?
Summary
Concrete CMS 9 to 9.4.2 and versions below 8.5.21 are vulnerable to Reflected Cross-Site Scripting (XSS) in the Conversation Messages Dashboard Page. Unsanitized input could cause theft of session cookies or tokens, defacement of web content, redirection to malicious sites, and (if victim is an admin), the execution of unauthorized actions. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 4.8 with vector CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N. Thanks Fortbridge https://fortbridge.co.uk/ for performing a penetration test and vulnerability assessment on Concrete CMS and reporting this issue.
Severity ?
CWE
- CWE-20 - Improper Input Validation
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Concrete CMS | Concrete CMS |
Affected:
9.0.0 , < 9.4.3
(patch)
Affected: 5.6 , < 8.5.21 (patch) |
Credits
Fortbridge
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8571",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-06T16:14:47.226664Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-06T20:25:03.661Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Concrete CMS",
"repo": "https://github.com/concretecms/concretecms",
"vendor": "Concrete CMS",
"versions": [
{
"lessThan": "9.4.3",
"status": "affected",
"version": "9.0.0",
"versionType": "patch"
},
{
"lessThan": "8.5.21",
"status": "affected",
"version": "5.6",
"versionType": "patch"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Fortbridge"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Concrete CMS 9 to 9.4.2 and versions below 8.5.21 are vulnerable to Reflected Cross-Site Scripting (XSS) in the Conversation Messages Dashboard Page.\u0026nbsp;Unsanitized input could cause theft of session cookies or tokens, defacement of web content, redirection to malicious sites, and (if victim is an admin), the execution of unauthorized actions.\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 4.8 with vector CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N.\u0026nbsp;\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThanks \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://fortbridge.co.uk/\"\u003eFortbridge\u003c/a\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;for performing a penetration test and vulnerability assessment on Concrete CMS and reporting this issue.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Concrete CMS 9 to 9.4.2 and versions below 8.5.21 are vulnerable to Reflected Cross-Site Scripting (XSS) in the Conversation Messages Dashboard Page.\u00a0Unsanitized input could cause theft of session cookies or tokens, defacement of web content, redirection to malicious sites, and (if victim is an admin), the execution of unauthorized actions.\u00a0The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 4.8 with vector CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N.\u00a0Thanks Fortbridge https://fortbridge.co.uk/ \u00a0for performing a penetration test and vulnerability assessment on Concrete CMS and reporting this issue."
}
],
"impacts": [
{
"capecId": "CAPEC-591",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-591 Reflected XSS"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-05T22:37:14.759Z",
"orgId": "ff5b8ace-8b95-4078-9743-eac1ca5451de",
"shortName": "ConcreteCMS"
},
"references": [
{
"url": "https://documentation.concretecms.org/developers/introduction/version-history/8521-release-notes"
},
{
"url": "https://documentation.concretecms.org/9-x/developers/introduction/version-history/943-release-notes"
},
{
"url": "https://www.concretecms.org/download"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Concrete CMS 9 through 9.4.2 and below 8.5.21 is vulnerable to Reflected Cross-Site Scripting (XSS) in Conversation Messages Dashboard Page",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ff5b8ace-8b95-4078-9743-eac1ca5451de",
"assignerShortName": "ConcreteCMS",
"cveId": "CVE-2025-8571",
"datePublished": "2025-08-05T22:37:14.759Z",
"dateReserved": "2025-08-04T21:50:20.743Z",
"dateUpdated": "2025-08-06T20:25:03.661Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-8573 (GCVE-0-2025-8573)
Vulnerability from cvelistv5 – Published: 2025-08-05 22:36 – Updated: 2025-08-11 17:18
VLAI?
Summary
Concrete CMS versions 9 through 9.4.2 are vulnerable to Stored XSS from Home Folder on Members Dashboard page. Version 8 was not affected. A rogue admin could set up a malicious folder containing XSS to which users could be directed upon login. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 2.0 with vector CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N. Thanks sealldev (Noah Cooper) for reporting via HackerOne.
Severity ?
CWE
- CWE-20 - Improper Input Validation
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Concrete CMS | Concrete CMS |
Affected:
9.0.0 , < 9.4.3
(patch)
|
Credits
sealldev (Noah Cooper)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8573",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-06T14:08:41.609277Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-06T14:08:56.484Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Concrete CMS",
"programFiles": [
"https://github.com/concretecms/concretecms"
],
"repo": "https://github.com/concretecms/concretecms",
"vendor": "Concrete CMS",
"versions": [
{
"lessThan": "9.4.3",
"status": "affected",
"version": "9.0.0",
"versionType": "patch"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "sealldev (Noah Cooper)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Concrete CMS versions 9 through 9.4.2 are vulnerable to Stored XSS from Home Folder on Members Dashboard page.\u0026nbsp; Version 8 was not affected.\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA rogue admin could set up a malicious folder containing XSS to which users could be directed upon login.\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 2.0 with vector CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N.\u0026nbsp;\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThanks sealldev\u0026nbsp;\u003cspan style=\"background-color: rgb(222, 235, 255);\"\u003e\u0026nbsp;(Noah Cooper)\u003c/span\u003e for reporting via HackerOne.\u003c/span\u003e\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Concrete CMS versions 9 through 9.4.2 are vulnerable to Stored XSS from Home Folder on Members Dashboard page.\u00a0 Version 8 was not affected.\u00a0A rogue admin could set up a malicious folder containing XSS to which users could be directed upon login.\u00a0The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 2.0 with vector CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N.\u00a0Thanks sealldev\u00a0\u00a0(Noah Cooper) for reporting via HackerOne."
}
],
"impacts": [
{
"capecId": "CAPEC-592",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-592 Stored XSS"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 2,
"baseSeverity": "LOW",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-11T17:18:44.249Z",
"orgId": "ff5b8ace-8b95-4078-9743-eac1ca5451de",
"shortName": "ConcreteCMS"
},
"references": [
{
"url": "https://www.concretecms.org/download"
},
{
"url": "https://documentation.concretecms.org/9-x/developers/introduction/version-history/943-release-notes"
}
],
"source": {
"advisory": "3145536",
"defect": [
"HackerOne"
],
"discovery": "EXTERNAL"
},
"title": "Concrete CMS 9 through 9.4.2 is vulnerable to Stored XSS from Home Folder on Members Dashboard page",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ff5b8ace-8b95-4078-9743-eac1ca5451de",
"assignerShortName": "ConcreteCMS",
"cveId": "CVE-2025-8573",
"datePublished": "2025-08-05T22:36:48.712Z",
"dateReserved": "2025-08-04T23:10:03.162Z",
"dateUpdated": "2025-08-11T17:18:44.249Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-3153 (GCVE-0-2025-3153)
Vulnerability from cvelistv5 – Published: 2025-04-03 00:17 – Updated: 2025-04-03 18:41
VLAI?
Summary
Concrete CMS version 9 below 9.4.0RC2 and versions below 8.5.20 are vulnerable to CSRF and XSS in the Concrete CMS Address attribute because addresses are not properly sanitized in the output when a country is not specified. Attackers are limited to individuals whom a site administrator has granted the ability to fill in an address attribute. It is possible for the attacker to glean limited information from the site but amount and type is restricted by mitigating controls and the level of access of the attacker. Limited data modification is possible. The dashboard page itself could be rendered unavailable.
The fix only sanitizes new data uploaded post update to Concrete CMS 9.4.0RC2. Existing database entries added before the update will still be “live” if there were successful exploits added under previous versions; a database search is recommended. The Concrete CMS security team gave this vulnerability CVSS v.4.0 score of 5.1 with vector CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L Thanks Myq Larson for reporting.
Severity ?
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Concrete CMS | Concrete CMS |
Affected:
9 , ≤ 9.3.4RC1
(git)
Affected: 5 , < 8.5.20 (git) |
Credits
Myq Larson
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-3153",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-03T14:04:27.483105Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-03T14:04:44.950Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Concrete CMS",
"repo": "https://github.com/concretecms/concretecms",
"vendor": "Concrete CMS",
"versions": [
{
"lessThanOrEqual": "9.3.4RC1",
"status": "affected",
"version": "9",
"versionType": "git"
},
{
"lessThan": "8.5.20",
"status": "affected",
"version": "5",
"versionType": "git"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Myq Larson"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eConcrete CMS version 9 below 9.4.0RC2 and versions below 8.5.20 are vulnerable to CSRF and XSS in the Concrete CMS Address attribute because addresses are not properly sanitized in the output when a country is not specified.\u0026nbsp; Attackers are limited to individuals whom a site administrator has granted the ability to fill in an address attribute. It is possible for the attacker to glean limited information from the site but amount and type is restricted by mitigating controls and the level of access of the attacker. Limited data modification is possible. The dashboard page itself could be rendered unavailable. \u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe fix only sanitizes new data uploaded post update to Concrete CMS 9.4.0RC2. Existing database entries added before the update will still be \u201clive\u201d if there were successful exploits added under previous versions; a database search is recommended. \u003c/span\u003eThe Concrete CMS security team gave this vulnerability \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eCVSS v.4.0 score of 5.1 with vector CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;Thanks Myq Larson for reporting. \u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Concrete CMS version 9 below 9.4.0RC2 and versions below 8.5.20 are vulnerable to CSRF and XSS in the Concrete CMS Address attribute because addresses are not properly sanitized in the output when a country is not specified.\u00a0 Attackers are limited to individuals whom a site administrator has granted the ability to fill in an address attribute. It is possible for the attacker to glean limited information from the site but amount and type is restricted by mitigating controls and the level of access of the attacker. Limited data modification is possible. The dashboard page itself could be rendered unavailable. \nThe fix only sanitizes new data uploaded post update to Concrete CMS 9.4.0RC2. Existing database entries added before the update will still be \u201clive\u201d if there were successful exploits added under previous versions; a database search is recommended. The Concrete CMS security team gave this vulnerability CVSS v.4.0 score of 5.1 with vector CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L\u00a0Thanks Myq Larson for reporting."
}
],
"impacts": [
{
"capecId": "CAPEC-113",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-113 Interface Manipulation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-03T18:41:46.322Z",
"orgId": "ff5b8ace-8b95-4078-9743-eac1ca5451de",
"shortName": "ConcreteCMS"
},
"references": [
{
"url": "https://github.com/concretecms/concretecms/pull/12512"
},
{
"url": "https://github.com/concretecms/concretecms/pull/12511"
},
{
"url": "https://documentation.concretecms.org/9-x/developers/introduction/version-history/940-release-notes"
},
{
"url": "https://github.com/concretecms/concretecms/releases/tag/8.5.20"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Concrete CMS version 9 below 9.4.0RC2 and versions below 8.5.20 - CSRF and XSS in Concrete CMS Custom Address attribute",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ff5b8ace-8b95-4078-9743-eac1ca5451de",
"assignerShortName": "ConcreteCMS",
"cveId": "CVE-2025-3153",
"datePublished": "2025-04-03T00:17:14.553Z",
"dateReserved": "2025-04-02T21:09:20.942Z",
"dateUpdated": "2025-04-03T18:41:46.322Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-0660 (GCVE-0-2025-0660)
Vulnerability from cvelistv5 – Published: 2025-03-10 20:57 – Updated: 2025-03-11 15:38
VLAI?
Summary
Concrete CMS versions 9.0.0 through 9.3.9 are affected by a stored XSS in Folder Function.The "Add Folder" functionality lacks input sanitization, allowing a rogue admin to inject XSS payloads as folder names. The Concrete CMS security team gave this vulnerability a CVSS 4.0 Score of 4.8 with vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N. Versions below 9 are not affected. Thanks, Alfin Joseph for reporting.
Severity ?
CWE
- CWE-20 - Improper Input Validation
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Concrete CMS | Concrete CMS |
Affected:
9.0.0 , < 9.4.0
(git)
|
Credits
Alfin Joseph
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-0660",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-11T15:38:19.884152Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-11T15:38:49.747Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Concrete CMS",
"repo": "https://github.com/concretecms/concretecms",
"vendor": "Concrete CMS",
"versions": [
{
"lessThan": "9.4.0",
"status": "affected",
"version": "9.0.0",
"versionType": "git"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Alfin Joseph"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Concrete CMS versions 9.0.0 through 9.3.9 are affected by a stored XSS in Folder Function.\u003cspan style=\"background-color: transparent;\"\u003eThe \"Add Folder\" functionality lacks input sanitization, allowing a rogue admin to inject XSS payloads as folder names.\u003c/span\u003e\u0026nbsp;\u0026nbsp;The Concrete CMS security team gave this vulnerability a CVSS 4.0 Score of 4.8 with vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N. Versions below 9 are not affected. Thanks, Alfin Joseph\u0026nbsp;for reporting.\u0026nbsp;"
}
],
"value": "Concrete CMS versions 9.0.0 through 9.3.9 are affected by a stored XSS in Folder Function.The \"Add Folder\" functionality lacks input sanitization, allowing a rogue admin to inject XSS payloads as folder names.\u00a0\u00a0The Concrete CMS security team gave this vulnerability a CVSS 4.0 Score of 4.8 with vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N. Versions below 9 are not affected. Thanks, Alfin Joseph\u00a0for reporting."
}
],
"impacts": [
{
"capecId": "CAPEC-592",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-592 Stored XSS"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-10T20:57:57.707Z",
"orgId": "ff5b8ace-8b95-4078-9743-eac1ca5451de",
"shortName": "ConcreteCMS"
},
"references": [
{
"tags": [
"release-notes"
],
"url": "https://documentation.concretecms.org/9-x/developers/introduction/version-history/940-release-notes"
},
{
"tags": [
"patch"
],
"url": "https://github.com/concretecms/concretecms/pull/12454"
},
{
"tags": [
"patch"
],
"url": "https://github.com/concretecms/bedrock/pull/370"
}
],
"source": {
"advisory": "https://hackerone.com/reports/2941432",
"defect": [
"HackerOne"
],
"discovery": "EXTERNAL"
},
"title": "Stored XSS in Folder Function by Rogue Admin",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ff5b8ace-8b95-4078-9743-eac1ca5451de",
"assignerShortName": "ConcreteCMS",
"cveId": "CVE-2025-0660",
"datePublished": "2025-03-10T20:57:57.707Z",
"dateReserved": "2025-01-22T23:27:46.011Z",
"dateUpdated": "2025-03-11T15:38:49.747Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-7398 (GCVE-0-2024-7398)
Vulnerability from cvelistv5 – Published: 2024-09-24 21:30 – Updated: 2025-01-20 23:50
VLAI?
Summary
Concrete CMS versions 9 through 9.3.3 and versions below 8.5.19 are vulnerable to stored XSS in the calendar event addition feature because the calendar event name was not sanitized on output. Users or groups with permission to create event calendars can embed scripts, and users or groups with permission to modify event calendars can execute scripts. The Concrete CMS Security Team gave this vulnerability a CVSS v4 score of 4.6 with vector CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N Thank you, Yusuke Uchida for reporting. CNA updated this risk rank on 20 Jan 2025 by lowering the AC based on CVSS 4.0 documentation that access privileges should not be considered for AC)
Severity ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Concrete CMS | Concrete CMS |
Affected:
9.0.0 , < 9.3.4
(git)
Affected: 5.0.0 , < 8.5.19 (git) |
Credits
Yusuke Uchida
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7398",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-25T17:04:57.193458Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-25T17:05:05.899Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Concrete CMS",
"repo": "https://github.com/concretecms/concretecms",
"vendor": "Concrete CMS",
"versions": [
{
"lessThan": "9.3.4",
"status": "affected",
"version": "9.0.0",
"versionType": "git"
},
{
"lessThan": "8.5.19",
"status": "affected",
"version": "5.0.0",
"versionType": "git"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Yusuke Uchida"
}
],
"datePublic": "2024-09-03T18:45:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eConcrete CMS versions 9 through 9.3.3 and versions below 8.5.19 are vulnerable to stored XSS in the calendar event addition feature because the calendar event name was not sanitized on output. Users or groups with permission to create event calendars can embed scripts, and users or groups with permission to modify event calendars can execute scripts. The Concrete CMS Security Team gave this vulnerability a CVSS v4 score of 4.6 with vector CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N Thank you, Yusuke Uchida for reporting.\u0026nbsp;\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eCNA updated this risk rank on 20 Jan 2025 by lowering the AC based on CVSS 4.0 documentation that access privileges should not be considered for AC)\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Concrete CMS versions 9 through 9.3.3 and versions below 8.5.19 are vulnerable to stored XSS in the calendar event addition feature because the calendar event name was not sanitized on output. Users or groups with permission to create event calendars can embed scripts, and users or groups with permission to modify event calendars can execute scripts. The Concrete CMS Security Team gave this vulnerability a CVSS v4 score of 4.6 with vector CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N Thank you, Yusuke Uchida for reporting.\u00a0CNA updated this risk rank on 20 Jan 2025 by lowering the AC based on CVSS 4.0 documentation that access privileges should not be considered for AC)"
}
],
"impacts": [
{
"capecId": "CAPEC-592",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-592 Stored XSS"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-20T23:50:45.544Z",
"orgId": "ff5b8ace-8b95-4078-9743-eac1ca5451de",
"shortName": "ConcreteCMS"
},
"references": [
{
"url": "https://github.com/concretecms/concretecms/commit/7c8ed0d1d9db0d7f6df7fa066e0858ea618451a5"
},
{
"url": "https://github.com/concretecms/concretecms/pull/12183"
},
{
"url": "https://github.com/concretecms/concretecms/pull/12184"
},
{
"url": "https://documentation.concretecms.org/9-x/developers/introduction/version-history/934-release-notes"
},
{
"url": "https://documentation.concretecms.org/developers/introduction/version-history/8519-release-notes"
}
],
"source": {
"advisory": "2400810",
"defect": [
"HackerOne"
],
"discovery": "UNKNOWN"
},
"title": "Concrete CMS Stored XSS Vulnerability in Calendar Event Addition Feature",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ff5b8ace-8b95-4078-9743-eac1ca5451de",
"assignerShortName": "ConcreteCMS",
"cveId": "CVE-2024-7398",
"datePublished": "2024-09-24T21:30:37.336Z",
"dateReserved": "2024-08-01T22:11:50.367Z",
"dateUpdated": "2025-01-20T23:50:45.544Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-8291 (GCVE-0-2024-8291)
Vulnerability from cvelistv5 – Published: 2024-09-24 21:17 – Updated: 2025-01-17 21:44
VLAI?
Summary
Concrete CMS versions 9.0.0 to 9.3.3 and below 8.5.19 are vulnerable to Stored XSS in Image Editor Background Color. A rogue admin could add malicious code to the Thumbnails/Add-Type. The Concrete CMS Security Team gave this a CVSS v4 score of 5.1 with vector https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N. Thanks, Alexey Solovyev for reporting. (CNA updated this risk rank on 17 Jan 2025 by lowering the AC based on CVSS 4.0 documentation that access privileges should not be considered for AC).
Severity ?
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Concrete CMS | Concrete CMS |
Affected:
9.0.0 , < 9.3.4
(git)
Affected: 5.0.0 , < 8.5.19 (git) |
Credits
Alexey Solovyev
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-8291",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-25T17:05:39.449524Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-25T17:05:48.269Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://github.com/concretecms/concretecms",
"defaultStatus": "unaffected",
"product": "Concrete CMS",
"repo": "https://github.com/concretecms/concretecms",
"vendor": "Concrete CMS",
"versions": [
{
"lessThan": "9.3.4",
"status": "affected",
"version": "9.0.0",
"versionType": "git"
},
{
"lessThan": "8.5.19",
"status": "affected",
"version": "5.0.0",
"versionType": "git"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Alexey Solovyev"
}
],
"datePublic": "2024-09-03T18:45:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: transparent;\"\u003eConcrete CMS versions 9.0.0 to 9.3.3 and below 8.5.19 are vulnerable to Stored XSS in Image Editor Background Color.\u0026nbsp; A rogue admin could add malicious code to the Thumbnails/Add-Type. \u003cspan style=\"background-color: transparent;\"\u003eThe Concrete CMS Security Team gave this a CVSS v4 score of 5.1 with vector \u003c/span\u003e\u003cspan style=\"background-color: transparent;\"\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N\"\u003e\u003c/a\u003eCVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N.\u0026nbsp;\u003c/span\u003eThanks,\u0026nbsp; Alexey Solovyev for reporting. (\u003c/span\u003e\u003cspan style=\"background-color: transparent;\"\u003eCNA updated this risk rank on 17 Jan 2025 by lowering the AC based on CVSS 4.0 documentation that access privileges should not be considered for AC).\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Concrete CMS versions 9.0.0 to 9.3.3 and below 8.5.19 are vulnerable to Stored XSS in Image Editor Background Color.\u00a0 A rogue admin could add malicious code to the Thumbnails/Add-Type. The Concrete CMS Security Team gave this a CVSS v4 score of 5.1 with vector https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N.\u00a0Thanks,\u00a0 Alexey Solovyev for reporting. (CNA updated this risk rank on 17 Jan 2025 by lowering the AC based on CVSS 4.0 documentation that access privileges should not be considered for AC)."
}
],
"impacts": [
{
"capecId": "CAPEC-592",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-592 Stored XSS"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-17T21:44:15.351Z",
"orgId": "ff5b8ace-8b95-4078-9743-eac1ca5451de",
"shortName": "ConcreteCMS"
},
"references": [
{
"url": "https://github.com/concretecms/concretecms/pull/12183"
},
{
"url": "https://github.com/concretecms/concretecms/commit/dbce253166f6b10ff3e0c09e50fd395370b8b065"
},
{
"url": "https://documentation.concretecms.org/developers/introduction/version-history/8519-release-notes"
},
{
"url": "https://documentation.concretecms.org/9-x/developers/introduction/version-history/934-release-notes"
}
],
"source": {
"advisory": "921527",
"defect": [
"HackerOne"
],
"discovery": "UNKNOWN"
},
"title": "Concrete CMS Stored XSS in Image Editor Background Color",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ff5b8ace-8b95-4078-9743-eac1ca5451de",
"assignerShortName": "ConcreteCMS",
"cveId": "CVE-2024-8291",
"datePublished": "2024-09-24T21:17:00.734Z",
"dateReserved": "2024-08-28T21:31:49.962Z",
"dateUpdated": "2025-01-17T21:44:15.351Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-8660 (GCVE-0-2024-8660)
Vulnerability from cvelistv5 – Published: 2024-09-17 18:13 – Updated: 2024-09-18 14:26
VLAI?
Summary
Concrete CMS versions 9.0.0 through 9.3.3 are affected by a
stored XSS vulnerability in the "Top Navigator Bar" block.
Since the "Top Navigator Bar" output was not sufficiently sanitized, a rogue administrator could add a malicious payload that could be executed when targeted users visited the home page.The Concrete CMS Security Team gave this vulnerability a CVSS v4 score of 4.6
with vector CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N . This
does not affect versions below 9.0.0 since they do not have the Top
Navigator Bar Block. Thanks, Chu Quoc Khanh for reporting.
Severity ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Concrete CMS | Concrete CMS |
Affected:
9.0.0 , < 9.3.4
(git)
|
Credits
Chu Quoc Khanh
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-8660",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-18T14:26:10.187431Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T14:26:21.912Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Concrete CMS",
"programFiles": [
"https://github.com/concretecms/concretecms"
],
"vendor": "Concrete CMS",
"versions": [
{
"lessThan": "9.3.4",
"status": "affected",
"version": "9.0.0",
"versionType": "git"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Chu Quoc Khanh"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eConcrete CMS versions 9.0.0 through 9.3.3 are affected by a\nstored XSS vulnerability in the \"Top Navigator Bar\" block.\n\u003cspan style=\"background-color: var(--wht);\"\u003eSince the \"Top Navigator Bar\" output was not sufficiently sanitized, a rogue administrator could add a malicious payload that could be executed when targeted users visited the home page.\u003c/span\u003eThe Concrete CMS Security Team gave this vulnerability a CVSS v4 score of 4.6\nwith vector \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N\"\u003eCVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N\u003c/a\u003e. This\ndoes not affect versions below 9.0.0 since they do not have the Top\nNavigator Bar Block. Thanks, Chu Quoc Khanh for reporting. \u003c/p\u003e\n\n\n\n\n\n\u003cbr\u003e"
}
],
"value": "Concrete CMS versions 9.0.0 through 9.3.3 are affected by a\nstored XSS vulnerability in the \"Top Navigator Bar\" block.\nSince the \"Top Navigator Bar\" output was not sufficiently sanitized, a rogue administrator could add a malicious payload that could be executed when targeted users visited the home page.The Concrete CMS Security Team gave this vulnerability a CVSS v4 score of 4.6\nwith vector CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N . This\ndoes not affect versions below 9.0.0 since they do not have the Top\nNavigator Bar Block. Thanks, Chu Quoc Khanh for reporting."
}
],
"impacts": [
{
"capecId": "CAPEC-592",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-592 Stored XSS"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T18:13:59.210Z",
"orgId": "ff5b8ace-8b95-4078-9743-eac1ca5451de",
"shortName": "ConcreteCMS"
},
"references": [
{
"url": "https://documentation.concretecms.org/9-x/developers/introduction/version-history/934-release-notes"
},
{
"url": "https://github.com/concretecms/concretecms/pull/12128"
}
],
"source": {
"advisory": "2610205",
"defect": [
"HackerOne"
],
"discovery": "UNKNOWN"
},
"title": "Stored XSS in the \"Top Navigator Bar\" block",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ff5b8ace-8b95-4078-9743-eac1ca5451de",
"assignerShortName": "ConcreteCMS",
"cveId": "CVE-2024-8660",
"datePublished": "2024-09-17T18:13:59.210Z",
"dateReserved": "2024-09-10T16:23:36.368Z",
"dateUpdated": "2024-09-18T14:26:21.912Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-8661 (GCVE-0-2024-8661)
Vulnerability from cvelistv5 – Published: 2024-09-16 17:37 – Updated: 2024-09-25 15:36
VLAI?
Summary
Concrete CMS versions 9.0.0 to 9.3.3 and below 8.5.19 are vulnerable to Stored XSS in the "Next&Previous Nav" block. A rogue administrator could add a malicious payload by executing it in the browsers of targeted users. The Concrete CMS Security Team gave this vulnerability a CVSS v4 score of 4.6 with vector CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N Since the "Next&Previous Nav" block output was not sufficiently sanitized, the malicious payload could be executed in the browsers of targeted users. Thanks, Chu Quoc Khanh for reporting.
Severity ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Concrete CMS | Concrete CMS |
Affected:
9.0.0 , < 9.3.4
(git)
Affected: 5.0.0 , < 8.5.19 (git) |
Credits
Chu Quoc Khanh
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-8661",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-16T20:05:43.165341Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-16T20:06:00.830Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Concrete CMS",
"programFiles": [
"https://github.com/concretecms/concretecms"
],
"vendor": "Concrete CMS",
"versions": [
{
"lessThan": "9.3.4",
"status": "affected",
"version": "9.0.0",
"versionType": "git"
},
{
"lessThan": "8.5.19",
"status": "affected",
"version": "5.0.0",
"versionType": "git"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Chu Quoc Khanh"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003e\u0026nbsp;Concrete CMS versions 9.0.0 to 9.3.3 and below 8.5.19 are vulnerable to Stored XSS in the \"Next\u0026amp;Previous Nav\" block. A rogue administrator could add a malicious payload by executing it in the browsers of targeted users. \u003c/span\u003e\u003cspan style=\"background-color: transparent;\"\u003eThe Concrete CMS Security Team gave this vulnerability a CVSS v4 score of 4.6 with vector\u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N\"\u003e\u003cspan style=\"background-color: transparent;\"\u003e CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N\u003c/span\u003e\u003c/a\u003e\u0026nbsp;\u003cspan style=\"background-color: transparent;\"\u003eSince the \"Next\u0026amp;Previous Nav\" block output was not sufficiently sanitized, the malicious payload could be executed in the browsers of targeted users.\u003c/span\u003e\u003cspan style=\"background-color: transparent;\"\u003e\u0026nbsp;Thanks, Chu Quoc Khanh for reporting.\u003c/span\u003e\u003c/p\u003e\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "Concrete CMS versions 9.0.0 to 9.3.3 and below 8.5.19 are vulnerable to Stored XSS in the \"Next\u0026Previous Nav\" block. A rogue administrator could add a malicious payload by executing it in the browsers of targeted users. The Concrete CMS Security Team gave this vulnerability a CVSS v4 score of 4.6 with vector CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N \u00a0Since the \"Next\u0026Previous Nav\" block output was not sufficiently sanitized, the malicious payload could be executed in the browsers of targeted users.\u00a0Thanks, Chu Quoc Khanh for reporting."
}
],
"impacts": [
{
"capecId": "CAPEC-592",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-592 Stored XSS"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-25T15:36:20.874Z",
"orgId": "ff5b8ace-8b95-4078-9743-eac1ca5451de",
"shortName": "ConcreteCMS"
},
"references": [
{
"url": "https://documentation.concretecms.org/9-x/developers/introduction/version-history/934-release-notes"
},
{
"url": "https://documentation.concretecms.org/developers/introduction/version-history/8519-release-notes"
},
{
"url": "https://github.com/concretecms/concretecms/pull/12204"
},
{
"url": "https://github.com/concretecms/concretecms/commit/ce5ee2ab83fe8de6fa012dd51c5a1dde05cb0dc4"
}
],
"source": {
"advisory": "2610205",
"defect": [
"HackerOne"
],
"discovery": "UNKNOWN"
},
"title": "Concrete CMS version 9.0.0 to 9.3.3 and below 8.5.19 are vulnerable to Stored XSS in the \"Next\u0026Previous Nav\" block",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ff5b8ace-8b95-4078-9743-eac1ca5451de",
"assignerShortName": "ConcreteCMS",
"cveId": "CVE-2024-8661",
"datePublished": "2024-09-16T17:37:29.363Z",
"dateReserved": "2024-09-10T16:27:46.768Z",
"dateUpdated": "2024-09-25T15:36:20.874Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-4350 (GCVE-0-2024-4350)
Vulnerability from cvelistv5 – Published: 2024-08-09 00:37 – Updated: 2025-09-25 18:52
VLAI?
Summary
Concrete CMS versions 9.0.0 to 9.3.2 and below 8.5.18 are vulnerable to Stored XSS in RSS Displayer when user input is stored and later embedded into responses. A rogue administrator could inject malicious code into fields due to insufficient input validation. The Concrete CMS security team gave this vulnerability a CVSS v4 score of 5.1 with vector https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N Thanks, m3dium for reporting. (CNA updated this risk rank on 17 Jan 2025 by lowering the AC based on CVSS 4.0 documentation that access privileges should not be considered for AC)
Severity ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Concrete CMS | Concrete CMS |
Affected:
9.0.0 , < 9.3.3
(git)
Affected: 5.0.0 , < 8.5.18 (git) |
Credits
m3dium
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-4350",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-09T12:51:55.078328Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-09T12:52:02.111Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Concrete CMS",
"repo": "https://github.com/concretecms/concretecms",
"vendor": "Concrete CMS",
"versions": [
{
"lessThan": "9.3.3",
"status": "affected",
"version": "9.0.0",
"versionType": "git"
},
{
"lessThan": "8.5.18",
"status": "affected",
"version": "5.0.0",
"versionType": "git"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "m3dium"
}
],
"datePublic": "2024-08-07T21:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cb\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eConcrete CMS versions 9.0.0 to 9.3.2 and below 8.5.18 are vulnerable to Stored XSS in RSS Displayer when user input is stored and later embedded into responses. A rogue administrator could inject malicious code into fields due to insufficient input validation. The Concrete CMS security team gave this vulnerability a \u003c/span\u003e\u003cspan style=\"background-color: transparent;\"\u003eCVSS v4 score of 5.1 with vector\u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N\"\u003e \u003c/a\u003eCVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N\u0026nbsp;\u003cspan style=\"background-color: transparent;\"\u003eThanks, m3dium for\u0026nbsp;\u003c/span\u003e\u003cspan style=\"background-color: transparent;\"\u003ereporting. (CNA updated this risk rank on 17 Jan 2025 by lowering the AC based on CVSS 4.0 documentation that access privileges should not be considered for AC)\u003c/span\u003e\u003c/p\u003e\u003c/b\u003e\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "Concrete CMS versions 9.0.0 to 9.3.2 and below 8.5.18 are vulnerable to Stored XSS in RSS Displayer when user input is stored and later embedded into responses. A rogue administrator could inject malicious code into fields due to insufficient input validation. The Concrete CMS security team gave this vulnerability a CVSS v4 score of 5.1 with vector https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N\u00a0Thanks, m3dium for\u00a0reporting. (CNA updated this risk rank on 17 Jan 2025 by lowering the AC based on CVSS 4.0 documentation that access privileges should not be considered for AC)"
}
],
"impacts": [
{
"capecId": "CAPEC-592",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-592 Stored XSS"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-25T18:52:13.888Z",
"orgId": "ff5b8ace-8b95-4078-9743-eac1ca5451de",
"shortName": "ConcreteCMS"
},
"references": [
{
"url": "https://github.com/concretecms/concretecms/pull/12166"
},
{
"url": "https://github.com/concretecms/concretecms/commit/c08d9671cec4e7afdabb547339c4bc0bed8eab06"
},
{
"url": "https://documentation.concretecms.org/9-x/developers/introduction/version-history/933-release-notes?pk_vid=e367a434ef4830491723060415d52041"
},
{
"url": "https://documentation.concretecms.org/developers/introduction/version-history/8518-release-notes?pk_vid=e367a434ef4830491723055758d52041"
}
],
"source": {
"advisory": "https://hackerone.com/reports/2479824",
"discovery": "EXTERNAL"
},
"title": "Concrete CMS version 9 below 9.3.3 and below 8.5.18 are vulnerable to Stored XSS in RSS Displayer",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ff5b8ace-8b95-4078-9743-eac1ca5451de",
"assignerShortName": "ConcreteCMS",
"cveId": "CVE-2024-4350",
"datePublished": "2024-08-09T00:37:44.009Z",
"dateReserved": "2024-04-30T15:31:19.182Z",
"dateUpdated": "2025-09-25T18:52:13.888Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-7512 (GCVE-0-2024-7512)
Vulnerability from cvelistv5 – Published: 2024-08-09 00:19 – Updated: 2025-01-17 21:04
VLAI?
Summary
Concrete CMS versions 9.0.0 through 9.3.2 are affected by a stored XSS vulnerability in Board instances. A rogue administrator could inject malicious code. The Concrete CMS security team gave this vulnerability a CVSS 4.0 Score of 4.6 with vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N. Versions below 9 are not affected. Thanks, m3dium for reporting. (CNA updated AC score to L based on CVSS 4.0 documentation)
Severity ?
CWE
- CWE-20 - Improper Input Validation
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Concrete CMS | Concrete CMS |
Affected:
9.0.0 , ≤ 9.3.2
(git)
|
Credits
m3dium
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7512",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-09T13:49:33.387455Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-09T13:49:43.166Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Concrete CMS",
"repo": "https://github.com/concretecms/concretecms",
"vendor": "Concrete CMS",
"versions": [
{
"lessThanOrEqual": "9.3.2",
"status": "affected",
"version": "9.0.0",
"versionType": "git"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "m3dium"
}
],
"datePublic": "2024-08-07T20:17:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: transparent;\"\u003eConcrete CMS versions 9.0.0 through 9.3.2 are affected by a stored XSS vulnerability in Board instances. A rogue administrator could inject malicious code. The Concrete CMS security team gave this vulnerability a CVSS 4.0 Score of 4.6 with vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N. Versions below 9 are not affected. Thanks, m3dium for reporting. (CNA updated AC score to L based on CVSS 4.0 documentation)\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Concrete CMS versions 9.0.0 through 9.3.2 are affected by a stored XSS vulnerability in Board instances. A rogue administrator could inject malicious code. The Concrete CMS security team gave this vulnerability a CVSS 4.0 Score of 4.6 with vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N. Versions below 9 are not affected. Thanks, m3dium for reporting. (CNA updated AC score to L based on CVSS 4.0 documentation)"
}
],
"impacts": [
{
"capecId": "CAPEC-592",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-592 Stored XSS"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-17T21:04:53.122Z",
"orgId": "ff5b8ace-8b95-4078-9743-eac1ca5451de",
"shortName": "ConcreteCMS"
},
"references": [
{
"url": "https://hackerone.com/reports/2486344"
},
{
"url": "https://documentation.concretecms.org/9-x/developers/introduction/version-history/933-release-notes?pk_vid=e367a434ef4830491723055753d52041"
}
],
"source": {
"advisory": "https://hackerone.com/reports/2486344",
"defect": [
"HackerOne"
],
"discovery": "EXTERNAL"
},
"title": "Concrete CMS Stored XSS in Board instances",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ff5b8ace-8b95-4078-9743-eac1ca5451de",
"assignerShortName": "ConcreteCMS",
"cveId": "CVE-2024-7512",
"datePublished": "2024-08-09T00:19:14.082Z",
"dateReserved": "2024-08-05T20:11:31.174Z",
"dateUpdated": "2025-01-17T21:04:53.122Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-8571 (GCVE-0-2025-8571)
Vulnerability from nvd – Published: 2025-08-05 22:37 – Updated: 2025-08-06 20:25
VLAI?
Summary
Concrete CMS 9 to 9.4.2 and versions below 8.5.21 are vulnerable to Reflected Cross-Site Scripting (XSS) in the Conversation Messages Dashboard Page. Unsanitized input could cause theft of session cookies or tokens, defacement of web content, redirection to malicious sites, and (if victim is an admin), the execution of unauthorized actions. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 4.8 with vector CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N. Thanks Fortbridge https://fortbridge.co.uk/ for performing a penetration test and vulnerability assessment on Concrete CMS and reporting this issue.
Severity ?
CWE
- CWE-20 - Improper Input Validation
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Concrete CMS | Concrete CMS |
Affected:
9.0.0 , < 9.4.3
(patch)
Affected: 5.6 , < 8.5.21 (patch) |
Credits
Fortbridge
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8571",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-06T16:14:47.226664Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-06T20:25:03.661Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Concrete CMS",
"repo": "https://github.com/concretecms/concretecms",
"vendor": "Concrete CMS",
"versions": [
{
"lessThan": "9.4.3",
"status": "affected",
"version": "9.0.0",
"versionType": "patch"
},
{
"lessThan": "8.5.21",
"status": "affected",
"version": "5.6",
"versionType": "patch"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Fortbridge"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Concrete CMS 9 to 9.4.2 and versions below 8.5.21 are vulnerable to Reflected Cross-Site Scripting (XSS) in the Conversation Messages Dashboard Page.\u0026nbsp;Unsanitized input could cause theft of session cookies or tokens, defacement of web content, redirection to malicious sites, and (if victim is an admin), the execution of unauthorized actions.\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 4.8 with vector CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N.\u0026nbsp;\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThanks \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://fortbridge.co.uk/\"\u003eFortbridge\u003c/a\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;for performing a penetration test and vulnerability assessment on Concrete CMS and reporting this issue.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Concrete CMS 9 to 9.4.2 and versions below 8.5.21 are vulnerable to Reflected Cross-Site Scripting (XSS) in the Conversation Messages Dashboard Page.\u00a0Unsanitized input could cause theft of session cookies or tokens, defacement of web content, redirection to malicious sites, and (if victim is an admin), the execution of unauthorized actions.\u00a0The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 4.8 with vector CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N.\u00a0Thanks Fortbridge https://fortbridge.co.uk/ \u00a0for performing a penetration test and vulnerability assessment on Concrete CMS and reporting this issue."
}
],
"impacts": [
{
"capecId": "CAPEC-591",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-591 Reflected XSS"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-05T22:37:14.759Z",
"orgId": "ff5b8ace-8b95-4078-9743-eac1ca5451de",
"shortName": "ConcreteCMS"
},
"references": [
{
"url": "https://documentation.concretecms.org/developers/introduction/version-history/8521-release-notes"
},
{
"url": "https://documentation.concretecms.org/9-x/developers/introduction/version-history/943-release-notes"
},
{
"url": "https://www.concretecms.org/download"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Concrete CMS 9 through 9.4.2 and below 8.5.21 is vulnerable to Reflected Cross-Site Scripting (XSS) in Conversation Messages Dashboard Page",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ff5b8ace-8b95-4078-9743-eac1ca5451de",
"assignerShortName": "ConcreteCMS",
"cveId": "CVE-2025-8571",
"datePublished": "2025-08-05T22:37:14.759Z",
"dateReserved": "2025-08-04T21:50:20.743Z",
"dateUpdated": "2025-08-06T20:25:03.661Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-8573 (GCVE-0-2025-8573)
Vulnerability from nvd – Published: 2025-08-05 22:36 – Updated: 2025-08-11 17:18
VLAI?
Summary
Concrete CMS versions 9 through 9.4.2 are vulnerable to Stored XSS from Home Folder on Members Dashboard page. Version 8 was not affected. A rogue admin could set up a malicious folder containing XSS to which users could be directed upon login. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 2.0 with vector CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N. Thanks sealldev (Noah Cooper) for reporting via HackerOne.
Severity ?
CWE
- CWE-20 - Improper Input Validation
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Concrete CMS | Concrete CMS |
Affected:
9.0.0 , < 9.4.3
(patch)
|
Credits
sealldev (Noah Cooper)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8573",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-06T14:08:41.609277Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-06T14:08:56.484Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Concrete CMS",
"programFiles": [
"https://github.com/concretecms/concretecms"
],
"repo": "https://github.com/concretecms/concretecms",
"vendor": "Concrete CMS",
"versions": [
{
"lessThan": "9.4.3",
"status": "affected",
"version": "9.0.0",
"versionType": "patch"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "sealldev (Noah Cooper)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Concrete CMS versions 9 through 9.4.2 are vulnerable to Stored XSS from Home Folder on Members Dashboard page.\u0026nbsp; Version 8 was not affected.\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA rogue admin could set up a malicious folder containing XSS to which users could be directed upon login.\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 2.0 with vector CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N.\u0026nbsp;\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThanks sealldev\u0026nbsp;\u003cspan style=\"background-color: rgb(222, 235, 255);\"\u003e\u0026nbsp;(Noah Cooper)\u003c/span\u003e for reporting via HackerOne.\u003c/span\u003e\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Concrete CMS versions 9 through 9.4.2 are vulnerable to Stored XSS from Home Folder on Members Dashboard page.\u00a0 Version 8 was not affected.\u00a0A rogue admin could set up a malicious folder containing XSS to which users could be directed upon login.\u00a0The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 2.0 with vector CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N.\u00a0Thanks sealldev\u00a0\u00a0(Noah Cooper) for reporting via HackerOne."
}
],
"impacts": [
{
"capecId": "CAPEC-592",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-592 Stored XSS"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 2,
"baseSeverity": "LOW",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-11T17:18:44.249Z",
"orgId": "ff5b8ace-8b95-4078-9743-eac1ca5451de",
"shortName": "ConcreteCMS"
},
"references": [
{
"url": "https://www.concretecms.org/download"
},
{
"url": "https://documentation.concretecms.org/9-x/developers/introduction/version-history/943-release-notes"
}
],
"source": {
"advisory": "3145536",
"defect": [
"HackerOne"
],
"discovery": "EXTERNAL"
},
"title": "Concrete CMS 9 through 9.4.2 is vulnerable to Stored XSS from Home Folder on Members Dashboard page",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ff5b8ace-8b95-4078-9743-eac1ca5451de",
"assignerShortName": "ConcreteCMS",
"cveId": "CVE-2025-8573",
"datePublished": "2025-08-05T22:36:48.712Z",
"dateReserved": "2025-08-04T23:10:03.162Z",
"dateUpdated": "2025-08-11T17:18:44.249Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-3153 (GCVE-0-2025-3153)
Vulnerability from nvd – Published: 2025-04-03 00:17 – Updated: 2025-04-03 18:41
VLAI?
Summary
Concrete CMS version 9 below 9.4.0RC2 and versions below 8.5.20 are vulnerable to CSRF and XSS in the Concrete CMS Address attribute because addresses are not properly sanitized in the output when a country is not specified. Attackers are limited to individuals whom a site administrator has granted the ability to fill in an address attribute. It is possible for the attacker to glean limited information from the site but amount and type is restricted by mitigating controls and the level of access of the attacker. Limited data modification is possible. The dashboard page itself could be rendered unavailable.
The fix only sanitizes new data uploaded post update to Concrete CMS 9.4.0RC2. Existing database entries added before the update will still be “live” if there were successful exploits added under previous versions; a database search is recommended. The Concrete CMS security team gave this vulnerability CVSS v.4.0 score of 5.1 with vector CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L Thanks Myq Larson for reporting.
Severity ?
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Concrete CMS | Concrete CMS |
Affected:
9 , ≤ 9.3.4RC1
(git)
Affected: 5 , < 8.5.20 (git) |
Credits
Myq Larson
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-3153",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-03T14:04:27.483105Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-03T14:04:44.950Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Concrete CMS",
"repo": "https://github.com/concretecms/concretecms",
"vendor": "Concrete CMS",
"versions": [
{
"lessThanOrEqual": "9.3.4RC1",
"status": "affected",
"version": "9",
"versionType": "git"
},
{
"lessThan": "8.5.20",
"status": "affected",
"version": "5",
"versionType": "git"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Myq Larson"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eConcrete CMS version 9 below 9.4.0RC2 and versions below 8.5.20 are vulnerable to CSRF and XSS in the Concrete CMS Address attribute because addresses are not properly sanitized in the output when a country is not specified.\u0026nbsp; Attackers are limited to individuals whom a site administrator has granted the ability to fill in an address attribute. It is possible for the attacker to glean limited information from the site but amount and type is restricted by mitigating controls and the level of access of the attacker. Limited data modification is possible. The dashboard page itself could be rendered unavailable. \u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe fix only sanitizes new data uploaded post update to Concrete CMS 9.4.0RC2. Existing database entries added before the update will still be \u201clive\u201d if there were successful exploits added under previous versions; a database search is recommended. \u003c/span\u003eThe Concrete CMS security team gave this vulnerability \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eCVSS v.4.0 score of 5.1 with vector CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;Thanks Myq Larson for reporting. \u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Concrete CMS version 9 below 9.4.0RC2 and versions below 8.5.20 are vulnerable to CSRF and XSS in the Concrete CMS Address attribute because addresses are not properly sanitized in the output when a country is not specified.\u00a0 Attackers are limited to individuals whom a site administrator has granted the ability to fill in an address attribute. It is possible for the attacker to glean limited information from the site but amount and type is restricted by mitigating controls and the level of access of the attacker. Limited data modification is possible. The dashboard page itself could be rendered unavailable. \nThe fix only sanitizes new data uploaded post update to Concrete CMS 9.4.0RC2. Existing database entries added before the update will still be \u201clive\u201d if there were successful exploits added under previous versions; a database search is recommended. The Concrete CMS security team gave this vulnerability CVSS v.4.0 score of 5.1 with vector CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L\u00a0Thanks Myq Larson for reporting."
}
],
"impacts": [
{
"capecId": "CAPEC-113",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-113 Interface Manipulation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-03T18:41:46.322Z",
"orgId": "ff5b8ace-8b95-4078-9743-eac1ca5451de",
"shortName": "ConcreteCMS"
},
"references": [
{
"url": "https://github.com/concretecms/concretecms/pull/12512"
},
{
"url": "https://github.com/concretecms/concretecms/pull/12511"
},
{
"url": "https://documentation.concretecms.org/9-x/developers/introduction/version-history/940-release-notes"
},
{
"url": "https://github.com/concretecms/concretecms/releases/tag/8.5.20"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Concrete CMS version 9 below 9.4.0RC2 and versions below 8.5.20 - CSRF and XSS in Concrete CMS Custom Address attribute",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ff5b8ace-8b95-4078-9743-eac1ca5451de",
"assignerShortName": "ConcreteCMS",
"cveId": "CVE-2025-3153",
"datePublished": "2025-04-03T00:17:14.553Z",
"dateReserved": "2025-04-02T21:09:20.942Z",
"dateUpdated": "2025-04-03T18:41:46.322Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-0660 (GCVE-0-2025-0660)
Vulnerability from nvd – Published: 2025-03-10 20:57 – Updated: 2025-03-11 15:38
VLAI?
Summary
Concrete CMS versions 9.0.0 through 9.3.9 are affected by a stored XSS in Folder Function.The "Add Folder" functionality lacks input sanitization, allowing a rogue admin to inject XSS payloads as folder names. The Concrete CMS security team gave this vulnerability a CVSS 4.0 Score of 4.8 with vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N. Versions below 9 are not affected. Thanks, Alfin Joseph for reporting.
Severity ?
CWE
- CWE-20 - Improper Input Validation
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Concrete CMS | Concrete CMS |
Affected:
9.0.0 , < 9.4.0
(git)
|
Credits
Alfin Joseph
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-0660",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-11T15:38:19.884152Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-11T15:38:49.747Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Concrete CMS",
"repo": "https://github.com/concretecms/concretecms",
"vendor": "Concrete CMS",
"versions": [
{
"lessThan": "9.4.0",
"status": "affected",
"version": "9.0.0",
"versionType": "git"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Alfin Joseph"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Concrete CMS versions 9.0.0 through 9.3.9 are affected by a stored XSS in Folder Function.\u003cspan style=\"background-color: transparent;\"\u003eThe \"Add Folder\" functionality lacks input sanitization, allowing a rogue admin to inject XSS payloads as folder names.\u003c/span\u003e\u0026nbsp;\u0026nbsp;The Concrete CMS security team gave this vulnerability a CVSS 4.0 Score of 4.8 with vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N. Versions below 9 are not affected. Thanks, Alfin Joseph\u0026nbsp;for reporting.\u0026nbsp;"
}
],
"value": "Concrete CMS versions 9.0.0 through 9.3.9 are affected by a stored XSS in Folder Function.The \"Add Folder\" functionality lacks input sanitization, allowing a rogue admin to inject XSS payloads as folder names.\u00a0\u00a0The Concrete CMS security team gave this vulnerability a CVSS 4.0 Score of 4.8 with vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N. Versions below 9 are not affected. Thanks, Alfin Joseph\u00a0for reporting."
}
],
"impacts": [
{
"capecId": "CAPEC-592",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-592 Stored XSS"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-10T20:57:57.707Z",
"orgId": "ff5b8ace-8b95-4078-9743-eac1ca5451de",
"shortName": "ConcreteCMS"
},
"references": [
{
"tags": [
"release-notes"
],
"url": "https://documentation.concretecms.org/9-x/developers/introduction/version-history/940-release-notes"
},
{
"tags": [
"patch"
],
"url": "https://github.com/concretecms/concretecms/pull/12454"
},
{
"tags": [
"patch"
],
"url": "https://github.com/concretecms/bedrock/pull/370"
}
],
"source": {
"advisory": "https://hackerone.com/reports/2941432",
"defect": [
"HackerOne"
],
"discovery": "EXTERNAL"
},
"title": "Stored XSS in Folder Function by Rogue Admin",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ff5b8ace-8b95-4078-9743-eac1ca5451de",
"assignerShortName": "ConcreteCMS",
"cveId": "CVE-2025-0660",
"datePublished": "2025-03-10T20:57:57.707Z",
"dateReserved": "2025-01-22T23:27:46.011Z",
"dateUpdated": "2025-03-11T15:38:49.747Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-7398 (GCVE-0-2024-7398)
Vulnerability from nvd – Published: 2024-09-24 21:30 – Updated: 2025-01-20 23:50
VLAI?
Summary
Concrete CMS versions 9 through 9.3.3 and versions below 8.5.19 are vulnerable to stored XSS in the calendar event addition feature because the calendar event name was not sanitized on output. Users or groups with permission to create event calendars can embed scripts, and users or groups with permission to modify event calendars can execute scripts. The Concrete CMS Security Team gave this vulnerability a CVSS v4 score of 4.6 with vector CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N Thank you, Yusuke Uchida for reporting. CNA updated this risk rank on 20 Jan 2025 by lowering the AC based on CVSS 4.0 documentation that access privileges should not be considered for AC)
Severity ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Concrete CMS | Concrete CMS |
Affected:
9.0.0 , < 9.3.4
(git)
Affected: 5.0.0 , < 8.5.19 (git) |
Credits
Yusuke Uchida
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7398",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-25T17:04:57.193458Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-25T17:05:05.899Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Concrete CMS",
"repo": "https://github.com/concretecms/concretecms",
"vendor": "Concrete CMS",
"versions": [
{
"lessThan": "9.3.4",
"status": "affected",
"version": "9.0.0",
"versionType": "git"
},
{
"lessThan": "8.5.19",
"status": "affected",
"version": "5.0.0",
"versionType": "git"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Yusuke Uchida"
}
],
"datePublic": "2024-09-03T18:45:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eConcrete CMS versions 9 through 9.3.3 and versions below 8.5.19 are vulnerable to stored XSS in the calendar event addition feature because the calendar event name was not sanitized on output. Users or groups with permission to create event calendars can embed scripts, and users or groups with permission to modify event calendars can execute scripts. The Concrete CMS Security Team gave this vulnerability a CVSS v4 score of 4.6 with vector CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N Thank you, Yusuke Uchida for reporting.\u0026nbsp;\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eCNA updated this risk rank on 20 Jan 2025 by lowering the AC based on CVSS 4.0 documentation that access privileges should not be considered for AC)\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Concrete CMS versions 9 through 9.3.3 and versions below 8.5.19 are vulnerable to stored XSS in the calendar event addition feature because the calendar event name was not sanitized on output. Users or groups with permission to create event calendars can embed scripts, and users or groups with permission to modify event calendars can execute scripts. The Concrete CMS Security Team gave this vulnerability a CVSS v4 score of 4.6 with vector CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N Thank you, Yusuke Uchida for reporting.\u00a0CNA updated this risk rank on 20 Jan 2025 by lowering the AC based on CVSS 4.0 documentation that access privileges should not be considered for AC)"
}
],
"impacts": [
{
"capecId": "CAPEC-592",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-592 Stored XSS"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-20T23:50:45.544Z",
"orgId": "ff5b8ace-8b95-4078-9743-eac1ca5451de",
"shortName": "ConcreteCMS"
},
"references": [
{
"url": "https://github.com/concretecms/concretecms/commit/7c8ed0d1d9db0d7f6df7fa066e0858ea618451a5"
},
{
"url": "https://github.com/concretecms/concretecms/pull/12183"
},
{
"url": "https://github.com/concretecms/concretecms/pull/12184"
},
{
"url": "https://documentation.concretecms.org/9-x/developers/introduction/version-history/934-release-notes"
},
{
"url": "https://documentation.concretecms.org/developers/introduction/version-history/8519-release-notes"
}
],
"source": {
"advisory": "2400810",
"defect": [
"HackerOne"
],
"discovery": "UNKNOWN"
},
"title": "Concrete CMS Stored XSS Vulnerability in Calendar Event Addition Feature",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ff5b8ace-8b95-4078-9743-eac1ca5451de",
"assignerShortName": "ConcreteCMS",
"cveId": "CVE-2024-7398",
"datePublished": "2024-09-24T21:30:37.336Z",
"dateReserved": "2024-08-01T22:11:50.367Z",
"dateUpdated": "2025-01-20T23:50:45.544Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-8291 (GCVE-0-2024-8291)
Vulnerability from nvd – Published: 2024-09-24 21:17 – Updated: 2025-01-17 21:44
VLAI?
Summary
Concrete CMS versions 9.0.0 to 9.3.3 and below 8.5.19 are vulnerable to Stored XSS in Image Editor Background Color. A rogue admin could add malicious code to the Thumbnails/Add-Type. The Concrete CMS Security Team gave this a CVSS v4 score of 5.1 with vector https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N. Thanks, Alexey Solovyev for reporting. (CNA updated this risk rank on 17 Jan 2025 by lowering the AC based on CVSS 4.0 documentation that access privileges should not be considered for AC).
Severity ?
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Concrete CMS | Concrete CMS |
Affected:
9.0.0 , < 9.3.4
(git)
Affected: 5.0.0 , < 8.5.19 (git) |
Credits
Alexey Solovyev
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-8291",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-25T17:05:39.449524Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-25T17:05:48.269Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://github.com/concretecms/concretecms",
"defaultStatus": "unaffected",
"product": "Concrete CMS",
"repo": "https://github.com/concretecms/concretecms",
"vendor": "Concrete CMS",
"versions": [
{
"lessThan": "9.3.4",
"status": "affected",
"version": "9.0.0",
"versionType": "git"
},
{
"lessThan": "8.5.19",
"status": "affected",
"version": "5.0.0",
"versionType": "git"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Alexey Solovyev"
}
],
"datePublic": "2024-09-03T18:45:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: transparent;\"\u003eConcrete CMS versions 9.0.0 to 9.3.3 and below 8.5.19 are vulnerable to Stored XSS in Image Editor Background Color.\u0026nbsp; A rogue admin could add malicious code to the Thumbnails/Add-Type. \u003cspan style=\"background-color: transparent;\"\u003eThe Concrete CMS Security Team gave this a CVSS v4 score of 5.1 with vector \u003c/span\u003e\u003cspan style=\"background-color: transparent;\"\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N\"\u003e\u003c/a\u003eCVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N.\u0026nbsp;\u003c/span\u003eThanks,\u0026nbsp; Alexey Solovyev for reporting. (\u003c/span\u003e\u003cspan style=\"background-color: transparent;\"\u003eCNA updated this risk rank on 17 Jan 2025 by lowering the AC based on CVSS 4.0 documentation that access privileges should not be considered for AC).\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Concrete CMS versions 9.0.0 to 9.3.3 and below 8.5.19 are vulnerable to Stored XSS in Image Editor Background Color.\u00a0 A rogue admin could add malicious code to the Thumbnails/Add-Type. The Concrete CMS Security Team gave this a CVSS v4 score of 5.1 with vector https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N.\u00a0Thanks,\u00a0 Alexey Solovyev for reporting. (CNA updated this risk rank on 17 Jan 2025 by lowering the AC based on CVSS 4.0 documentation that access privileges should not be considered for AC)."
}
],
"impacts": [
{
"capecId": "CAPEC-592",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-592 Stored XSS"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-17T21:44:15.351Z",
"orgId": "ff5b8ace-8b95-4078-9743-eac1ca5451de",
"shortName": "ConcreteCMS"
},
"references": [
{
"url": "https://github.com/concretecms/concretecms/pull/12183"
},
{
"url": "https://github.com/concretecms/concretecms/commit/dbce253166f6b10ff3e0c09e50fd395370b8b065"
},
{
"url": "https://documentation.concretecms.org/developers/introduction/version-history/8519-release-notes"
},
{
"url": "https://documentation.concretecms.org/9-x/developers/introduction/version-history/934-release-notes"
}
],
"source": {
"advisory": "921527",
"defect": [
"HackerOne"
],
"discovery": "UNKNOWN"
},
"title": "Concrete CMS Stored XSS in Image Editor Background Color",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ff5b8ace-8b95-4078-9743-eac1ca5451de",
"assignerShortName": "ConcreteCMS",
"cveId": "CVE-2024-8291",
"datePublished": "2024-09-24T21:17:00.734Z",
"dateReserved": "2024-08-28T21:31:49.962Z",
"dateUpdated": "2025-01-17T21:44:15.351Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-8660 (GCVE-0-2024-8660)
Vulnerability from nvd – Published: 2024-09-17 18:13 – Updated: 2024-09-18 14:26
VLAI?
Summary
Concrete CMS versions 9.0.0 through 9.3.3 are affected by a
stored XSS vulnerability in the "Top Navigator Bar" block.
Since the "Top Navigator Bar" output was not sufficiently sanitized, a rogue administrator could add a malicious payload that could be executed when targeted users visited the home page.The Concrete CMS Security Team gave this vulnerability a CVSS v4 score of 4.6
with vector CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N . This
does not affect versions below 9.0.0 since they do not have the Top
Navigator Bar Block. Thanks, Chu Quoc Khanh for reporting.
Severity ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Concrete CMS | Concrete CMS |
Affected:
9.0.0 , < 9.3.4
(git)
|
Credits
Chu Quoc Khanh
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-8660",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-18T14:26:10.187431Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T14:26:21.912Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Concrete CMS",
"programFiles": [
"https://github.com/concretecms/concretecms"
],
"vendor": "Concrete CMS",
"versions": [
{
"lessThan": "9.3.4",
"status": "affected",
"version": "9.0.0",
"versionType": "git"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Chu Quoc Khanh"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eConcrete CMS versions 9.0.0 through 9.3.3 are affected by a\nstored XSS vulnerability in the \"Top Navigator Bar\" block.\n\u003cspan style=\"background-color: var(--wht);\"\u003eSince the \"Top Navigator Bar\" output was not sufficiently sanitized, a rogue administrator could add a malicious payload that could be executed when targeted users visited the home page.\u003c/span\u003eThe Concrete CMS Security Team gave this vulnerability a CVSS v4 score of 4.6\nwith vector \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N\"\u003eCVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N\u003c/a\u003e. This\ndoes not affect versions below 9.0.0 since they do not have the Top\nNavigator Bar Block. Thanks, Chu Quoc Khanh for reporting. \u003c/p\u003e\n\n\n\n\n\n\u003cbr\u003e"
}
],
"value": "Concrete CMS versions 9.0.0 through 9.3.3 are affected by a\nstored XSS vulnerability in the \"Top Navigator Bar\" block.\nSince the \"Top Navigator Bar\" output was not sufficiently sanitized, a rogue administrator could add a malicious payload that could be executed when targeted users visited the home page.The Concrete CMS Security Team gave this vulnerability a CVSS v4 score of 4.6\nwith vector CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N . This\ndoes not affect versions below 9.0.0 since they do not have the Top\nNavigator Bar Block. Thanks, Chu Quoc Khanh for reporting."
}
],
"impacts": [
{
"capecId": "CAPEC-592",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-592 Stored XSS"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T18:13:59.210Z",
"orgId": "ff5b8ace-8b95-4078-9743-eac1ca5451de",
"shortName": "ConcreteCMS"
},
"references": [
{
"url": "https://documentation.concretecms.org/9-x/developers/introduction/version-history/934-release-notes"
},
{
"url": "https://github.com/concretecms/concretecms/pull/12128"
}
],
"source": {
"advisory": "2610205",
"defect": [
"HackerOne"
],
"discovery": "UNKNOWN"
},
"title": "Stored XSS in the \"Top Navigator Bar\" block",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ff5b8ace-8b95-4078-9743-eac1ca5451de",
"assignerShortName": "ConcreteCMS",
"cveId": "CVE-2024-8660",
"datePublished": "2024-09-17T18:13:59.210Z",
"dateReserved": "2024-09-10T16:23:36.368Z",
"dateUpdated": "2024-09-18T14:26:21.912Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-8661 (GCVE-0-2024-8661)
Vulnerability from nvd – Published: 2024-09-16 17:37 – Updated: 2024-09-25 15:36
VLAI?
Summary
Concrete CMS versions 9.0.0 to 9.3.3 and below 8.5.19 are vulnerable to Stored XSS in the "Next&Previous Nav" block. A rogue administrator could add a malicious payload by executing it in the browsers of targeted users. The Concrete CMS Security Team gave this vulnerability a CVSS v4 score of 4.6 with vector CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N Since the "Next&Previous Nav" block output was not sufficiently sanitized, the malicious payload could be executed in the browsers of targeted users. Thanks, Chu Quoc Khanh for reporting.
Severity ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Concrete CMS | Concrete CMS |
Affected:
9.0.0 , < 9.3.4
(git)
Affected: 5.0.0 , < 8.5.19 (git) |
Credits
Chu Quoc Khanh
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-8661",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-16T20:05:43.165341Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-16T20:06:00.830Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Concrete CMS",
"programFiles": [
"https://github.com/concretecms/concretecms"
],
"vendor": "Concrete CMS",
"versions": [
{
"lessThan": "9.3.4",
"status": "affected",
"version": "9.0.0",
"versionType": "git"
},
{
"lessThan": "8.5.19",
"status": "affected",
"version": "5.0.0",
"versionType": "git"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Chu Quoc Khanh"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003e\u0026nbsp;Concrete CMS versions 9.0.0 to 9.3.3 and below 8.5.19 are vulnerable to Stored XSS in the \"Next\u0026amp;Previous Nav\" block. A rogue administrator could add a malicious payload by executing it in the browsers of targeted users. \u003c/span\u003e\u003cspan style=\"background-color: transparent;\"\u003eThe Concrete CMS Security Team gave this vulnerability a CVSS v4 score of 4.6 with vector\u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N\"\u003e\u003cspan style=\"background-color: transparent;\"\u003e CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N\u003c/span\u003e\u003c/a\u003e\u0026nbsp;\u003cspan style=\"background-color: transparent;\"\u003eSince the \"Next\u0026amp;Previous Nav\" block output was not sufficiently sanitized, the malicious payload could be executed in the browsers of targeted users.\u003c/span\u003e\u003cspan style=\"background-color: transparent;\"\u003e\u0026nbsp;Thanks, Chu Quoc Khanh for reporting.\u003c/span\u003e\u003c/p\u003e\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "Concrete CMS versions 9.0.0 to 9.3.3 and below 8.5.19 are vulnerable to Stored XSS in the \"Next\u0026Previous Nav\" block. A rogue administrator could add a malicious payload by executing it in the browsers of targeted users. The Concrete CMS Security Team gave this vulnerability a CVSS v4 score of 4.6 with vector CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N \u00a0Since the \"Next\u0026Previous Nav\" block output was not sufficiently sanitized, the malicious payload could be executed in the browsers of targeted users.\u00a0Thanks, Chu Quoc Khanh for reporting."
}
],
"impacts": [
{
"capecId": "CAPEC-592",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-592 Stored XSS"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-25T15:36:20.874Z",
"orgId": "ff5b8ace-8b95-4078-9743-eac1ca5451de",
"shortName": "ConcreteCMS"
},
"references": [
{
"url": "https://documentation.concretecms.org/9-x/developers/introduction/version-history/934-release-notes"
},
{
"url": "https://documentation.concretecms.org/developers/introduction/version-history/8519-release-notes"
},
{
"url": "https://github.com/concretecms/concretecms/pull/12204"
},
{
"url": "https://github.com/concretecms/concretecms/commit/ce5ee2ab83fe8de6fa012dd51c5a1dde05cb0dc4"
}
],
"source": {
"advisory": "2610205",
"defect": [
"HackerOne"
],
"discovery": "UNKNOWN"
},
"title": "Concrete CMS version 9.0.0 to 9.3.3 and below 8.5.19 are vulnerable to Stored XSS in the \"Next\u0026Previous Nav\" block",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ff5b8ace-8b95-4078-9743-eac1ca5451de",
"assignerShortName": "ConcreteCMS",
"cveId": "CVE-2024-8661",
"datePublished": "2024-09-16T17:37:29.363Z",
"dateReserved": "2024-09-10T16:27:46.768Z",
"dateUpdated": "2024-09-25T15:36:20.874Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-4350 (GCVE-0-2024-4350)
Vulnerability from nvd – Published: 2024-08-09 00:37 – Updated: 2025-09-25 18:52
VLAI?
Summary
Concrete CMS versions 9.0.0 to 9.3.2 and below 8.5.18 are vulnerable to Stored XSS in RSS Displayer when user input is stored and later embedded into responses. A rogue administrator could inject malicious code into fields due to insufficient input validation. The Concrete CMS security team gave this vulnerability a CVSS v4 score of 5.1 with vector https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N Thanks, m3dium for reporting. (CNA updated this risk rank on 17 Jan 2025 by lowering the AC based on CVSS 4.0 documentation that access privileges should not be considered for AC)
Severity ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Concrete CMS | Concrete CMS |
Affected:
9.0.0 , < 9.3.3
(git)
Affected: 5.0.0 , < 8.5.18 (git) |
Credits
m3dium
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-4350",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-09T12:51:55.078328Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-09T12:52:02.111Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Concrete CMS",
"repo": "https://github.com/concretecms/concretecms",
"vendor": "Concrete CMS",
"versions": [
{
"lessThan": "9.3.3",
"status": "affected",
"version": "9.0.0",
"versionType": "git"
},
{
"lessThan": "8.5.18",
"status": "affected",
"version": "5.0.0",
"versionType": "git"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "m3dium"
}
],
"datePublic": "2024-08-07T21:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cb\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eConcrete CMS versions 9.0.0 to 9.3.2 and below 8.5.18 are vulnerable to Stored XSS in RSS Displayer when user input is stored and later embedded into responses. A rogue administrator could inject malicious code into fields due to insufficient input validation. The Concrete CMS security team gave this vulnerability a \u003c/span\u003e\u003cspan style=\"background-color: transparent;\"\u003eCVSS v4 score of 5.1 with vector\u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N\"\u003e \u003c/a\u003eCVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N\u0026nbsp;\u003cspan style=\"background-color: transparent;\"\u003eThanks, m3dium for\u0026nbsp;\u003c/span\u003e\u003cspan style=\"background-color: transparent;\"\u003ereporting. (CNA updated this risk rank on 17 Jan 2025 by lowering the AC based on CVSS 4.0 documentation that access privileges should not be considered for AC)\u003c/span\u003e\u003c/p\u003e\u003c/b\u003e\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "Concrete CMS versions 9.0.0 to 9.3.2 and below 8.5.18 are vulnerable to Stored XSS in RSS Displayer when user input is stored and later embedded into responses. A rogue administrator could inject malicious code into fields due to insufficient input validation. The Concrete CMS security team gave this vulnerability a CVSS v4 score of 5.1 with vector https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N\u00a0Thanks, m3dium for\u00a0reporting. (CNA updated this risk rank on 17 Jan 2025 by lowering the AC based on CVSS 4.0 documentation that access privileges should not be considered for AC)"
}
],
"impacts": [
{
"capecId": "CAPEC-592",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-592 Stored XSS"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-25T18:52:13.888Z",
"orgId": "ff5b8ace-8b95-4078-9743-eac1ca5451de",
"shortName": "ConcreteCMS"
},
"references": [
{
"url": "https://github.com/concretecms/concretecms/pull/12166"
},
{
"url": "https://github.com/concretecms/concretecms/commit/c08d9671cec4e7afdabb547339c4bc0bed8eab06"
},
{
"url": "https://documentation.concretecms.org/9-x/developers/introduction/version-history/933-release-notes?pk_vid=e367a434ef4830491723060415d52041"
},
{
"url": "https://documentation.concretecms.org/developers/introduction/version-history/8518-release-notes?pk_vid=e367a434ef4830491723055758d52041"
}
],
"source": {
"advisory": "https://hackerone.com/reports/2479824",
"discovery": "EXTERNAL"
},
"title": "Concrete CMS version 9 below 9.3.3 and below 8.5.18 are vulnerable to Stored XSS in RSS Displayer",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ff5b8ace-8b95-4078-9743-eac1ca5451de",
"assignerShortName": "ConcreteCMS",
"cveId": "CVE-2024-4350",
"datePublished": "2024-08-09T00:37:44.009Z",
"dateReserved": "2024-04-30T15:31:19.182Z",
"dateUpdated": "2025-09-25T18:52:13.888Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-7512 (GCVE-0-2024-7512)
Vulnerability from nvd – Published: 2024-08-09 00:19 – Updated: 2025-01-17 21:04
VLAI?
Summary
Concrete CMS versions 9.0.0 through 9.3.2 are affected by a stored XSS vulnerability in Board instances. A rogue administrator could inject malicious code. The Concrete CMS security team gave this vulnerability a CVSS 4.0 Score of 4.6 with vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N. Versions below 9 are not affected. Thanks, m3dium for reporting. (CNA updated AC score to L based on CVSS 4.0 documentation)
Severity ?
CWE
- CWE-20 - Improper Input Validation
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Concrete CMS | Concrete CMS |
Affected:
9.0.0 , ≤ 9.3.2
(git)
|
Credits
m3dium
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7512",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-09T13:49:33.387455Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-09T13:49:43.166Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Concrete CMS",
"repo": "https://github.com/concretecms/concretecms",
"vendor": "Concrete CMS",
"versions": [
{
"lessThanOrEqual": "9.3.2",
"status": "affected",
"version": "9.0.0",
"versionType": "git"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "m3dium"
}
],
"datePublic": "2024-08-07T20:17:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: transparent;\"\u003eConcrete CMS versions 9.0.0 through 9.3.2 are affected by a stored XSS vulnerability in Board instances. A rogue administrator could inject malicious code. The Concrete CMS security team gave this vulnerability a CVSS 4.0 Score of 4.6 with vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N. Versions below 9 are not affected. Thanks, m3dium for reporting. (CNA updated AC score to L based on CVSS 4.0 documentation)\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Concrete CMS versions 9.0.0 through 9.3.2 are affected by a stored XSS vulnerability in Board instances. A rogue administrator could inject malicious code. The Concrete CMS security team gave this vulnerability a CVSS 4.0 Score of 4.6 with vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N. Versions below 9 are not affected. Thanks, m3dium for reporting. (CNA updated AC score to L based on CVSS 4.0 documentation)"
}
],
"impacts": [
{
"capecId": "CAPEC-592",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-592 Stored XSS"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-17T21:04:53.122Z",
"orgId": "ff5b8ace-8b95-4078-9743-eac1ca5451de",
"shortName": "ConcreteCMS"
},
"references": [
{
"url": "https://hackerone.com/reports/2486344"
},
{
"url": "https://documentation.concretecms.org/9-x/developers/introduction/version-history/933-release-notes?pk_vid=e367a434ef4830491723055753d52041"
}
],
"source": {
"advisory": "https://hackerone.com/reports/2486344",
"defect": [
"HackerOne"
],
"discovery": "EXTERNAL"
},
"title": "Concrete CMS Stored XSS in Board instances",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ff5b8ace-8b95-4078-9743-eac1ca5451de",
"assignerShortName": "ConcreteCMS",
"cveId": "CVE-2024-7512",
"datePublished": "2024-08-09T00:19:14.082Z",
"dateReserved": "2024-08-05T20:11:31.174Z",
"dateUpdated": "2025-01-17T21:04:53.122Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}