PT-2024-24218 · Unknown · Concrete CMS
Alexey Solovyev · Published 2024-04-03 · Updated 2024-12-16 · CVE-2024-3181
CVSS v3.1: 4.8 (Medium)
Vector: AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Concrete CMS version 9 prior to 9.2.8
Concrete CMS versions prior to 8.5.16
Description
The issue is a Stored XSS in the Search Field. The payload could be executed when an administrator changes a filter to which a rogue administrator had previously added malicious code.
Recommendations
For Concrete CMS version 9, update to version 9.2.8 or later.
For Concrete CMS versions prior to 8.5.16, update to version 8.5.16 or later.
Fix
XSS
RCE
Related Identifiers
Affected Products
Concrete CMS