CVE-2024-1245 (GCVE-0-2024-1245)
Vulnerability from cvelistv5 – Published: 2024-02-09 19:43 – Updated: 2024-08-19 16:13
VLAI?
Summary
Concrete CMS version 9 before 9.2.5 is vulnerable to stored XSS in file tags and description attributes since administrator entered file attributes are not sufficiently sanitized in the Edit Attributes page. A rogue administrator could put malicious code into the file tags or description attributes and, when another administrator opens the same file for editing, the malicious code could execute. The Concrete CMS Security team scored this 2.4 with CVSS v3 vector AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N.
Severity ?
CWE
- CWE-20 - Improper Input Validation
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Concrete CMS | Concrete CMS |
Affected:
9.0.0 , < 9.2.5
(patch)
|
Credits
Poto Gabor
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:33:25.326Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://documentation.concretecms.org/9-x/developers/introduction/version-history/925-release-notes"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.concretecms.org/about/project-news/security/2024-02-04-security-advisory"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-1245",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-19T16:13:24.461715Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-19T16:13:40.880Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Concrete CMS ",
"repo": "https://github.com/concretecms/concretecms",
"vendor": "Concrete CMS",
"versions": [
{
"lessThan": "9.2.5",
"status": "affected",
"version": "9.0.0",
"versionType": "patch"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Poto Gabor"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(239, 250, 102);\"\u003eConcrete CMS\u0026nbsp;version 9 before 9.2.5 is vulnerable to stored XSS in file tags and description attributes since administrator entered file attributes are not sufficiently sanitized in the Edit Attributes page. A rogue administrator could put malicious code into the file tags or description attributes and, when another administrator opens the same file for editing, the malicious code could execute. The Concrete CMS Security team scored this 2.4 with CVSS v3 vector AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N.\u003c/span\u003e \u003cbr\u003e"
}
],
"value": "Concrete CMS\u00a0version 9 before 9.2.5 is vulnerable to stored XSS in file tags and description attributes since administrator entered file attributes are not sufficiently sanitized in the Edit Attributes page. A rogue administrator could put malicious code into the file tags or description attributes and, when another administrator opens the same file for editing, the malicious code could execute. The Concrete CMS Security team scored this 2.4 with CVSS v3 vector AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N. \n"
}
],
"impacts": [
{
"capecId": "CAPEC-63",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-63 Cross-Site Scripting (XSS)"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.4,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-09T22:00:47.749Z",
"orgId": "ff5b8ace-8b95-4078-9743-eac1ca5451de",
"shortName": "ConcreteCMS"
},
"references": [
{
"url": "https://documentation.concretecms.org/9-x/developers/introduction/version-history/925-release-notes"
},
{
"url": "https://www.concretecms.org/about/project-news/security/2024-02-04-security-advisory"
}
],
"source": {
"advisory": "Hackerone 2309264",
"discovery": "EXTERNAL"
},
"title": "Concrete CMS\u00a0version 9 before 9.2.5 is vulnerable to stored XSS in file tags and description attributes",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "ff5b8ace-8b95-4078-9743-eac1ca5451de",
"assignerShortName": "ConcreteCMS",
"cveId": "CVE-2024-1245",
"datePublished": "2024-02-09T19:43:58.153Z",
"dateReserved": "2024-02-06T00:50:41.232Z",
"dateUpdated": "2024-08-19T16:13:40.880Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:concretecms:concrete_cms:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"9.0.0\", \"versionEndExcluding\": \"9.2.5\", \"matchCriteriaId\": \"4B4CD16D-4D2C-45DC-ACAC-E107A4909305\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"Concrete CMS\\u00a0version 9 before 9.2.5 is vulnerable to stored XSS in file tags and description attributes since administrator entered file attributes are not sufficiently sanitized in the Edit Attributes page. A rogue administrator could put malicious code into the file tags or description attributes and, when another administrator opens the same file for editing, the malicious code could execute. The Concrete CMS Security team scored this 2.4 with CVSS v3 vector AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N. \\n\"}, {\"lang\": \"es\", \"value\": \"La versi\\u00f3n 9 de Concrete CMS anterior a la 9.2.5 es vulnerable a XSS almacenado en etiquetas de archivos y atributos de descripci\\u00f3n, ya que los atributos de archivo ingresados por el administrador no est\\u00e1n suficientemente sanitizados en la p\\u00e1gina Edit Attributes. Un administrador deshonesto podr\\u00eda colocar c\\u00f3digo malicioso en las etiquetas del archivo o en los atributos de descripci\\u00f3n y, cuando otro administrador abra el mismo archivo para editarlo, el c\\u00f3digo malicioso podr\\u00eda ejecutarse. El equipo de seguridad de Concrete CMS obtuvo una puntuaci\\u00f3n de 2,4 con el vector CVSS v3 AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N.\"}]",
"id": "CVE-2024-1245",
"lastModified": "2024-11-21T08:50:08.740",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"ff5b8ace-8b95-4078-9743-eac1ca5451de\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N\", \"baseScore\": 2.4, \"baseSeverity\": \"LOW\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 0.9, \"impactScore\": 1.4}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N\", \"baseScore\": 4.8, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 1.7, \"impactScore\": 2.7}]}",
"published": "2024-02-09T20:15:54.370",
"references": "[{\"url\": \"https://documentation.concretecms.org/9-x/developers/introduction/version-history/925-release-notes\", \"source\": \"ff5b8ace-8b95-4078-9743-eac1ca5451de\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"https://www.concretecms.org/about/project-news/security/2024-02-04-security-advisory\", \"source\": \"ff5b8ace-8b95-4078-9743-eac1ca5451de\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://documentation.concretecms.org/9-x/developers/introduction/version-history/925-release-notes\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"https://www.concretecms.org/about/project-news/security/2024-02-04-security-advisory\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
"sourceIdentifier": "ff5b8ace-8b95-4078-9743-eac1ca5451de",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"ff5b8ace-8b95-4078-9743-eac1ca5451de\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-20\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-79\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2024-1245\",\"sourceIdentifier\":\"ff5b8ace-8b95-4078-9743-eac1ca5451de\",\"published\":\"2024-02-09T20:15:54.370\",\"lastModified\":\"2024-11-21T08:50:08.740\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Concrete CMS\u00a0version 9 before 9.2.5 is vulnerable to stored XSS in file tags and description attributes since administrator entered file attributes are not sufficiently sanitized in the Edit Attributes page. A rogue administrator could put malicious code into the file tags or description attributes and, when another administrator opens the same file for editing, the malicious code could execute. The Concrete CMS Security team scored this 2.4 with CVSS v3 vector AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N. \\n\"},{\"lang\":\"es\",\"value\":\"La versi\u00f3n 9 de Concrete CMS anterior a la 9.2.5 es vulnerable a XSS almacenado en etiquetas de archivos y atributos de descripci\u00f3n, ya que los atributos de archivo ingresados por el administrador no est\u00e1n suficientemente sanitizados en la p\u00e1gina Edit Attributes. Un administrador deshonesto podr\u00eda colocar c\u00f3digo malicioso en las etiquetas del archivo o en los atributos de descripci\u00f3n y, cuando otro administrador abra el mismo archivo para editarlo, el c\u00f3digo malicioso podr\u00eda ejecutarse. El equipo de seguridad de Concrete CMS obtuvo una puntuaci\u00f3n de 2,4 con el vector CVSS v3 AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"ff5b8ace-8b95-4078-9743-eac1ca5451de\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N\",\"baseScore\":2.4,\"baseSeverity\":\"LOW\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":0.9,\"impactScore\":1.4},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":4.8,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.7,\"impactScore\":2.7}]},\"weaknesses\":[{\"source\":\"ff5b8ace-8b95-4078-9743-eac1ca5451de\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:concretecms:concrete_cms:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"9.0.0\",\"versionEndExcluding\":\"9.2.5\",\"matchCriteriaId\":\"4B4CD16D-4D2C-45DC-ACAC-E107A4909305\"}]}]}],\"references\":[{\"url\":\"https://documentation.concretecms.org/9-x/developers/introduction/version-history/925-release-notes\",\"source\":\"ff5b8ace-8b95-4078-9743-eac1ca5451de\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://www.concretecms.org/about/project-news/security/2024-02-04-security-advisory\",\"source\":\"ff5b8ace-8b95-4078-9743-eac1ca5451de\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://documentation.concretecms.org/9-x/developers/introduction/version-history/925-release-notes\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://www.concretecms.org/about/project-news/security/2024-02-04-security-advisory\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://documentation.concretecms.org/9-x/developers/introduction/version-history/925-release-notes\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.concretecms.org/about/project-news/security/2024-02-04-security-advisory\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-01T18:33:25.326Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-1245\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-08-19T16:13:24.461715Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-08-19T16:13:36.094Z\"}}], \"cna\": {\"title\": \"Concrete CMS\\u00a0version 9 before 9.2.5 is vulnerable to stored XSS in file tags and description attributes\", \"source\": {\"advisory\": \"Hackerone 2309264\", \"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"reporter\", \"user\": \"00000000-0000-4000-9000-000000000000\", \"value\": \"Poto Gabor\"}], \"impacts\": [{\"capecId\": \"CAPEC-63\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-63 Cross-Site Scripting (XSS)\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 2.4, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"LOW\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"LOW\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"repo\": \"https://github.com/concretecms/concretecms\", \"vendor\": \"Concrete CMS\", \"product\": \"Concrete CMS \", \"versions\": [{\"status\": \"affected\", \"version\": \"9.0.0\", \"lessThan\": \"9.2.5\", \"versionType\": \"patch\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://documentation.concretecms.org/9-x/developers/introduction/version-history/925-release-notes\"}, {\"url\": \"https://www.concretecms.org/about/project-news/security/2024-02-04-security-advisory\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Concrete CMS\\u00a0version 9 before 9.2.5 is vulnerable to stored XSS in file tags and description attributes since administrator entered file attributes are not sufficiently sanitized in the Edit Attributes page. A rogue administrator could put malicious code into the file tags or description attributes and, when another administrator opens the same file for editing, the malicious code could execute. The Concrete CMS Security team scored this 2.4 with CVSS v3 vector AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N. \\n\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cspan style=\\\"background-color: rgb(239, 250, 102);\\\"\u003eConcrete CMS\u0026nbsp;version 9 before 9.2.5 is vulnerable to stored XSS in file tags and description attributes since administrator entered file attributes are not sufficiently sanitized in the Edit Attributes page. A rogue administrator could put malicious code into the file tags or description attributes and, when another administrator opens the same file for editing, the malicious code could execute. The Concrete CMS Security team scored this 2.4 with CVSS v3 vector AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N.\u003c/span\u003e \u003cbr\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-20\", \"description\": \"CWE-20 Improper Input Validation\"}]}], \"providerMetadata\": {\"orgId\": \"ff5b8ace-8b95-4078-9743-eac1ca5451de\", \"shortName\": \"ConcreteCMS\", \"dateUpdated\": \"2024-02-09T22:00:47.749Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-1245\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-08-19T16:13:40.880Z\", \"dateReserved\": \"2024-02-06T00:50:41.232Z\", \"assignerOrgId\": \"ff5b8ace-8b95-4078-9743-eac1ca5451de\", \"datePublished\": \"2024-02-09T19:43:58.153Z\", \"assignerShortName\": \"ConcreteCMS\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…