CVE-2025-2972 (GCVE-0-2025-2972)

Vulnerability from cvelistv5 – Published: 2025-03-31 02:31 – Updated: 2025-04-04 00:29
VLAI?

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

Show details on NVD website
To clipboard 

{
  "containers": {
    "cna": {
      "providerMetadata": {
        "dateUpdated": "2025-04-04T00:29:36.255Z",
        "orgId": "ff5b8ace-8b95-4078-9743-eac1ca5451de",
        "shortName": "ConcreteCMS"
      },
      "rejectedReasons": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
            }
          ],
          "value": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2025-2972",
    "datePublished": "2025-03-31T02:31:04.884Z",
    "dateRejected": "2025-04-04T00:29:36.255Z",
    "dateReserved": "2025-03-30T07:16:10.449Z",
    "dateUpdated": "2025-04-04T00:29:36.255Z",
    "state": "REJECTED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-2972\",\"sourceIdentifier\":\"ff5b8ace-8b95-4078-9743-eac1ca5451de\",\"published\":\"2025-03-31T03:15:14.013\",\"lastModified\":\"2025-04-04T01:15:40.127\",\"vulnStatus\":\"Rejected\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.\"}],\"metrics\":{},\"references\":[]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-03-31T16:05:10.929Z\"}, \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-2972\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-03-31T16:05:04.986368Z\"}}}], \"title\": \"CISA ADP Vulnrichment\"}], \"cna\": {\"title\": \"ConcreteCMS Page Attribute Display Block cross site scripting\", \"credits\": [{\"lang\": \"en\", \"type\": \"reporter\", \"value\": \"yaowenxiao (VulDB User)\"}], \"metrics\": [{\"cvssV4_0\": {\"version\": \"4.0\", \"baseScore\": 5.1, \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N\"}}, {\"cvssV3_1\": {\"version\": \"3.1\", \"baseScore\": 3.5, \"baseSeverity\": \"LOW\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N\"}}, {\"cvssV3_0\": {\"version\": \"3.0\", \"baseScore\": 3.5, \"baseSeverity\": \"LOW\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N\"}}, {\"cvssV2_0\": {\"version\": \"2.0\", \"baseScore\": 4, \"vectorString\": \"AV:N/AC:L/Au:S/C:N/I:P/A:N\"}}], \"affected\": [{\"vendor\": \"n/a\", \"modules\": [\"Page Attribute Display Block Handler\"], \"product\": \"ConcreteCMS\", \"versions\": [{\"status\": \"affected\", \"version\": \"9.3.0\"}, {\"status\": \"affected\", \"version\": \"9.3.1\"}, {\"status\": \"affected\", \"version\": \"9.3.2\"}, {\"status\": \"affected\", \"version\": \"9.3.3\"}, {\"status\": \"affected\", \"version\": \"9.3.4\"}, {\"status\": \"affected\", \"version\": \"9.3.5\"}, {\"status\": \"affected\", \"version\": \"9.3.6\"}, {\"status\": \"affected\", \"version\": \"9.3.7\"}, {\"status\": \"affected\", \"version\": \"9.3.8\"}, {\"status\": \"affected\", \"version\": \"9.3.9\"}]}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2025-03-30T00:00:00.000Z\", \"value\": \"Advisory disclosed\"}, {\"lang\": \"en\", \"time\": \"2025-03-30T01:00:00.000Z\", \"value\": \"VulDB entry created\"}, {\"lang\": \"en\", \"time\": \"2025-03-30T09:21:44.000Z\", \"value\": \"VulDB entry last update\"}], \"references\": [{\"url\": \"https://vuldb.com/?id.302024\", \"name\": \"VDB-302024 | ConcreteCMS Page Attribute Display Block cross site scripting\", \"tags\": [\"vdb-entry\", \"technical-description\"]}, {\"url\": \"https://vuldb.com/?ctiid.302024\", \"name\": \"VDB-302024 | CTI Indicators (IOB, IOC, TTP, IOA)\", \"tags\": [\"signature\", \"permissions-required\"]}, {\"url\": \"https://vuldb.com/?submit.522423\", \"name\": \"Submit #522423 | Concretecms 9.3.9 XSS\", \"tags\": [\"third-party-advisory\"]}, {\"url\": \"https://github.com/yaowenxiao721/Poc/blob/main/Concretecms/Concretecms-poc10.md\", \"tags\": [\"exploit\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A vulnerability, which was classified as problematic, has been found in ConcreteCMS up to 9.3.9. Affected by this issue is some unknown functionality of the component Page Attribute Display Block Handler. The manipulation of the argument Title leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.\"}, {\"lang\": \"de\", \"value\": \"Eine problematische Schwachstelle wurde in ConcreteCMS bis 9.3.9 entdeckt. Hierbei geht es um eine nicht exakt ausgemachte Funktion der Komponente Page Attribute Display Block Handler. Durch Manipulieren des Arguments Title mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \\u00fcber das Netzwerk. Der Exploit steht zur \\u00f6ffentlichen Verf\\u00fcgung.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-79\", \"description\": \"Cross Site Scripting\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-94\", \"description\": \"Code Injection\"}]}], \"providerMetadata\": {\"orgId\": \"1af790b2-7ee1-4545-860a-a788eba489b5\", \"shortName\": \"VulDB\", \"dateUpdated\": \"2025-04-03T20:34:07.780Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-2972\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-04-03T20:34:07.780Z\", \"dateReserved\": \"2025-03-30T07:16:10.449Z\", \"assignerOrgId\": \"1af790b2-7ee1-4545-860a-a788eba489b5\", \"datePublished\": \"2025-03-31T02:31:04.884Z\", \"assignerShortName\": \"VulDB\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.