CVE-2024-1246 (GCVE-0-2024-1246)
Vulnerability from cvelistv5 – Published: 2024-02-09 19:33 – Updated: 2025-04-24 15:46
VLAI?
Summary
Concrete CMS in version 9 before 9.2.5 is vulnerable to reflected XSS via the Image URL Import Feature due to insufficient validation of administrator provided data. A rogue administrator could inject malicious code when importing images, leading to the execution of the malicious code on the website user’s browser. The Concrete CMS Security team scored this 2 with CVSS v3 vector AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N. This does not affect Concrete versions prior to version 9.
Severity ?
CWE
- CWE-20 - Improper Input Validation
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Concrete CMS | Concrete CMS |
Affected:
9.0.0 , < 9.2.5
(patch)
|
Credits
cupc4k3
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-1246",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-13T15:14:59.442762Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-24T15:46:51.612Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:33:25.494Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://documentation.concretecms.org/9-x/developers/introduction/version-history/925-release-notes"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.concretecms.org/about/project-news/security/2024-02-04-security-advisory"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Concrete CMS ",
"repo": "https://github.com/concretecms/concretecms",
"vendor": "Concrete CMS ",
"versions": [
{
"lessThan": "9.2.5",
"status": "affected",
"version": "9.0.0",
"versionType": "patch"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "cupc4k3"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cb\u003e\u003c/b\u003e\u003cb\u003e\u003c/b\u003e\u003cb\u003e\u003c/b\u003e\u003cspan style=\"background-color: transparent;\"\u003eConcrete CMS in version 9 before 9.2.5 is vulnerable to reflected XSS via the Image URL Import Feature due to insufficient validation of administrator provided data. A rogue administrator could inject malicious code when importing images, \u003c/span\u003e\u003cspan style=\"background-color: transparent;\"\u003ele\u003c/span\u003e\u003cspan style=\"background-color: transparent;\"\u003eading to the execution of the malicious code on the website user\u2019s browser. The Concrete CMS Security team scored this 2 with CVSS v3 vector\u003c/span\u003e \u003cspan style=\"background-color: transparent;\"\u003eAV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N\u003c/span\u003e\u003cspan style=\"background-color: transparent;\"\u003e. This does not affect Concrete versions prior to version 9.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Concrete CMS in version 9 before 9.2.5 is vulnerable to reflected XSS via the Image URL Import Feature due to insufficient validation of administrator provided data. A rogue administrator could inject malicious code when importing images, leading to the execution of the malicious code on the website user\u2019s browser. The Concrete CMS Security team scored this 2 with CVSS v3 vector AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N. This does not affect Concrete versions prior to version 9.\n"
}
],
"impacts": [
{
"capecId": "CAPEC-63",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-63 Cross-Site Scripting (XSS)"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-09T21:54:30.346Z",
"orgId": "ff5b8ace-8b95-4078-9743-eac1ca5451de",
"shortName": "ConcreteCMS"
},
"references": [
{
"url": "https://documentation.concretecms.org/9-x/developers/introduction/version-history/925-release-notes"
},
{
"url": "https://www.concretecms.org/about/project-news/security/2024-02-04-security-advisory"
}
],
"source": {
"advisory": "Hackerone 2337524",
"discovery": "EXTERNAL"
},
"title": "Concrete CMS\u00a0in version 9 before 9.2.5\u00a0is vulnerable to reflected XSS via the Image URL Import Feature",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "ff5b8ace-8b95-4078-9743-eac1ca5451de",
"assignerShortName": "ConcreteCMS",
"cveId": "CVE-2024-1246",
"datePublished": "2024-02-09T19:33:26.054Z",
"dateReserved": "2024-02-06T00:50:59.480Z",
"dateUpdated": "2025-04-24T15:46:51.612Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:concretecms:concrete_cms:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"9.0.0\", \"versionEndExcluding\": \"9.2.5\", \"matchCriteriaId\": \"4B4CD16D-4D2C-45DC-ACAC-E107A4909305\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"Concrete CMS in version 9 before 9.2.5 is vulnerable to reflected XSS via the Image URL Import Feature due to insufficient validation of administrator provided data. A rogue administrator could inject malicious code when importing images, leading to the execution of the malicious code on the website user\\u2019s browser. The Concrete CMS Security team scored this 2 with CVSS v3 vector AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N. This does not affect Concrete versions prior to version 9.\\n\"}, {\"lang\": \"es\", \"value\": \"Concrete CMS en la versi\\u00f3n 9 anterior a la 9.2.5 es vulnerable al XSS reflejado a trav\\u00e9s de la funci\\u00f3n de importaci\\u00f3n de URL de imagen debido a una validaci\\u00f3n insuficiente de los datos proporcionados por el administrador. Un administrador deshonesto podr\\u00eda inyectar c\\u00f3digo malicioso al importar im\\u00e1genes, lo que provocar\\u00eda la ejecuci\\u00f3n del c\\u00f3digo malicioso en el navegador del usuario del sitio web. El equipo de seguridad de Concrete CMS obtuvo este 2 con el vector CVSS v3 AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N. Esto no afecta a las versiones de Concrete anteriores a la versi\\u00f3n 9.\"}]",
"id": "CVE-2024-1246",
"lastModified": "2024-11-21T08:50:08.877",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"ff5b8ace-8b95-4078-9743-eac1ca5451de\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N\", \"baseScore\": 2.0, \"baseSeverity\": \"LOW\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 0.5, \"impactScore\": 1.4}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N\", \"baseScore\": 4.8, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 1.7, \"impactScore\": 2.7}]}",
"published": "2024-02-09T20:15:54.573",
"references": "[{\"url\": \"https://documentation.concretecms.org/9-x/developers/introduction/version-history/925-release-notes\", \"source\": \"ff5b8ace-8b95-4078-9743-eac1ca5451de\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"https://www.concretecms.org/about/project-news/security/2024-02-04-security-advisory\", \"source\": \"ff5b8ace-8b95-4078-9743-eac1ca5451de\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://documentation.concretecms.org/9-x/developers/introduction/version-history/925-release-notes\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"https://www.concretecms.org/about/project-news/security/2024-02-04-security-advisory\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
"sourceIdentifier": "ff5b8ace-8b95-4078-9743-eac1ca5451de",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"ff5b8ace-8b95-4078-9743-eac1ca5451de\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-20\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-79\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2024-1246\",\"sourceIdentifier\":\"ff5b8ace-8b95-4078-9743-eac1ca5451de\",\"published\":\"2024-02-09T20:15:54.573\",\"lastModified\":\"2024-11-21T08:50:08.877\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Concrete CMS in version 9 before 9.2.5 is vulnerable to reflected XSS via the Image URL Import Feature due to insufficient validation of administrator provided data. A rogue administrator could inject malicious code when importing images, leading to the execution of the malicious code on the website user\u2019s browser. The Concrete CMS Security team scored this 2 with CVSS v3 vector AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N. This does not affect Concrete versions prior to version 9.\\n\"},{\"lang\":\"es\",\"value\":\"Concrete CMS en la versi\u00f3n 9 anterior a la 9.2.5 es vulnerable al XSS reflejado a trav\u00e9s de la funci\u00f3n de importaci\u00f3n de URL de imagen debido a una validaci\u00f3n insuficiente de los datos proporcionados por el administrador. Un administrador deshonesto podr\u00eda inyectar c\u00f3digo malicioso al importar im\u00e1genes, lo que provocar\u00eda la ejecuci\u00f3n del c\u00f3digo malicioso en el navegador del usuario del sitio web. El equipo de seguridad de Concrete CMS obtuvo este 2 con el vector CVSS v3 AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N. Esto no afecta a las versiones de Concrete anteriores a la versi\u00f3n 9.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"ff5b8ace-8b95-4078-9743-eac1ca5451de\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N\",\"baseScore\":2.0,\"baseSeverity\":\"LOW\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":0.5,\"impactScore\":1.4},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":4.8,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.7,\"impactScore\":2.7}]},\"weaknesses\":[{\"source\":\"ff5b8ace-8b95-4078-9743-eac1ca5451de\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:concretecms:concrete_cms:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"9.0.0\",\"versionEndExcluding\":\"9.2.5\",\"matchCriteriaId\":\"4B4CD16D-4D2C-45DC-ACAC-E107A4909305\"}]}]}],\"references\":[{\"url\":\"https://documentation.concretecms.org/9-x/developers/introduction/version-history/925-release-notes\",\"source\":\"ff5b8ace-8b95-4078-9743-eac1ca5451de\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://www.concretecms.org/about/project-news/security/2024-02-04-security-advisory\",\"source\":\"ff5b8ace-8b95-4078-9743-eac1ca5451de\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://documentation.concretecms.org/9-x/developers/introduction/version-history/925-release-notes\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://www.concretecms.org/about/project-news/security/2024-02-04-security-advisory\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://documentation.concretecms.org/9-x/developers/introduction/version-history/925-release-notes\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.concretecms.org/about/project-news/security/2024-02-04-security-advisory\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-01T18:33:25.494Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-1246\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-02-13T15:14:59.442762Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-07-05T15:20:37.154Z\"}}], \"cna\": {\"title\": \"Concrete CMS\\u00a0in version 9 before 9.2.5\\u00a0is vulnerable to reflected XSS via the Image URL Import Feature\", \"source\": {\"advisory\": \"Hackerone 2337524\", \"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"reporter\", \"user\": \"00000000-0000-4000-9000-000000000000\", \"value\": \"cupc4k3\"}], \"impacts\": [{\"capecId\": \"CAPEC-63\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-63 Cross-Site Scripting (XSS)\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 2, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"LOW\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"LOW\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"repo\": \"https://github.com/concretecms/concretecms\", \"vendor\": \"Concrete CMS \", \"product\": \"Concrete CMS \", \"versions\": [{\"status\": \"affected\", \"version\": \"9.0.0\", \"lessThan\": \"9.2.5\", \"versionType\": \"patch\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://documentation.concretecms.org/9-x/developers/introduction/version-history/925-release-notes\"}, {\"url\": \"https://www.concretecms.org/about/project-news/security/2024-02-04-security-advisory\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Concrete CMS in version 9 before 9.2.5 is vulnerable to reflected XSS via the Image URL Import Feature due to insufficient validation of administrator provided data. A rogue administrator could inject malicious code when importing images, leading to the execution of the malicious code on the website user\\u2019s browser. The Concrete CMS Security team scored this 2 with CVSS v3 vector AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N. This does not affect Concrete versions prior to version 9.\\n\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cb\u003e\u003c/b\u003e\u003cb\u003e\u003c/b\u003e\u003cb\u003e\u003c/b\u003e\u003cspan style=\\\"background-color: transparent;\\\"\u003eConcrete CMS in version 9 before 9.2.5 is vulnerable to reflected XSS via the Image URL Import Feature due to insufficient validation of administrator provided data. A rogue administrator could inject malicious code when importing images, \u003c/span\u003e\u003cspan style=\\\"background-color: transparent;\\\"\u003ele\u003c/span\u003e\u003cspan style=\\\"background-color: transparent;\\\"\u003eading to the execution of the malicious code on the website user\\u2019s browser. The Concrete CMS Security team scored this 2 with CVSS v3 vector\u003c/span\u003e \u003cspan style=\\\"background-color: transparent;\\\"\u003eAV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N\u003c/span\u003e\u003cspan style=\\\"background-color: transparent;\\\"\u003e. This does not affect Concrete versions prior to version 9.\u003c/span\u003e\u003cbr\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-20\", \"description\": \"CWE-20 Improper Input Validation\"}]}], \"providerMetadata\": {\"orgId\": \"ff5b8ace-8b95-4078-9743-eac1ca5451de\", \"shortName\": \"ConcreteCMS\", \"dateUpdated\": \"2024-02-09T21:54:30.346Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-1246\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-04-24T15:46:51.612Z\", \"dateReserved\": \"2024-02-06T00:50:59.480Z\", \"assignerOrgId\": \"ff5b8ace-8b95-4078-9743-eac1ca5451de\", \"datePublished\": \"2024-02-09T19:33:26.054Z\", \"assignerShortName\": \"ConcreteCMS\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…