216.73.217.123

CVE-2024-8661

· Published 16/09/2024 18:15 · Modified 25/09/2024 16:15

Labels: CVE-2024-8661 2024-09-16CVE-2024-8661CWE-79ff5b8ace-8b95-4078-9743-eac1ca5451de

Essential information

Published
16/09/2024 18:15
Modified
25/09/2024 16:15
Author
Creator
CISA KEV
No
CWE

Description

Concrete CMS versions 9.0.0 to 9.3.3 and below 8.5.19 are vulnerable to Stored XSS in the "Next&Previous Nav" block. A rogue administrator could add a malicious payload by executing it in the browsers of targeted users. The Concrete CMS Security Team gave this vulnerability a CVSS v4 score of 4.6 with vector CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N  Since the "Next&Previous Nav" block output was not sufficiently sanitized, the malicious payload could be executed in the browsers of targeted users. Thanks, Chu Quoc Khanh for reporting.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
ff5b8ace-8b95-4078-9743-eac1ca5451de
NVD
View on NVD

References