https://vulnerability.circl.lu/sightings/feedMost recent sightings.2026-05-04T10:29:01.749525+00:00Vulnerability-Lookupinfo@circl.lupython-feedgenContains only the most 10 recent sightings.https://vulnerability.circl.lu/sighting/80e92337-267e-4a89-96dd-681db58e0734/export80e92337-267e-4a89-96dd-681db58e07342026-05-04T10:29:02.129901+00:00Automation userhttp://vulnerability.circl.lu/user/automation{"uuid": "80e92337-267e-4a89-96dd-681db58e0734", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-8291", "type": "seen", "source": "https://t.me/cvedetector/6261", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-8291 - Concrete CMS Stored XSS in Image Editor Background Color\", \n \"Content\": \"CVE ID : CVE-2024-8291 \nPublished : Sept. 25, 2024, 1:15 a.m. | 43\u00a0minutes ago \nDescription : Concrete CMS versions 9.0.0 to 9.3.3 and below 8.5.19 are vulnerable to Stored XSS in Image Editor Background Color.\u00a0 A rogue admin could add malicious code to the Thumbnails/Add-Type. The Concrete CMS Security Team gave this a CVSS v4 score of 2.1 with vector CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N \u00a0Thanks,\u00a0 Alexey Solovyev for reporting. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"25 Sep 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-25T04:16:55.000000Z"}2024-09-25T04:16:55+00:00https://vulnerability.circl.lu/sighting/2787c0f5-14fa-415a-8ec4-1624fbfebd21/export2787c0f5-14fa-415a-8ec4-1624fbfebd212026-05-04T10:29:02.126954+00:00Automation userhttp://vulnerability.circl.lu/user/automation{"uuid": "2787c0f5-14fa-415a-8ec4-1624fbfebd21", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-8291", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/2220", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-8291\n\ud83d\udd39 Description: Concrete CMS versions 9.0.0 to 9.3.3 and below 8.5.19 are vulnerable to Stored XSS in Image Editor Background Color.\u00a0 A rogue admin could add malicious code to the Thumbnails/Add-Type. The Concrete CMS Security Team gave this a CVSS v4 score of 5.1 with vector https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N.\u00a0Thanks,\u00a0 Alexey Solovyev for reporting. (CNA updated this risk rank on 17 Jan 2025 by lowering the AC based on CVSS 4.0 documentation that access privileges should not be considered for AC).\n\ud83d\udccf Published: 2024-09-24T21:17:00.734Z\n\ud83d\udccf Modified: 2025-01-17T21:44:15.351Z\n\ud83d\udd17 References:\n1. https://github.com/concretecms/concretecms/pull/12183\n2. https://github.com/concretecms/concretecms/commit/dbce253166f6b10ff3e0c09e50fd395370b8b065\n3. https://documentation.concretecms.org/developers/introduction/version-history/8519-release-notes\n4. https://documentation.concretecms.org/9-x/developers/introduction/version-history/934-release-notes", "creation_timestamp": "2025-01-17T21:56:53.000000Z"}2025-01-17T21:56:53+00:00