CVE-2024-1247

Concrete CMS version 9 before 9.2.5 is vulnerable to stored XSS via the Role Name field since there is insufficient validation of administrator provided data for that field. A rogue administrator could inject malicious code into the Role Name field which might be executed when users visit the affected page. The Concrete CMS Security team scored this 2 with CVSS v3 vector AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator . Concrete versions below 9 do not include group types so they are not affected by this vulnerability.

CVSS v3 4.8 MEDIUM

4.8^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.7 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://documentation.concretecms.org/9-x/developers/introduction/version-history/925-release-notes	Release Notes Vendor Advisory
https://www.concretecms.org/about/project-news/security/2024-02-04-security-advisory	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:concretecms:concrete_cms:*:*:*:*:*:*:*:*

History

15 Feb 2024, 04:44

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 4.8
CPE		cpe:2.3:a:concretecms:concrete_cms::::::::
CWE		CWE-79
References	~~() https://www.concretecms.org/about/project-news/security/2024-02-04-security-advisory -~~	() https://www.concretecms.org/about/project-news/security/2024-02-04-security-advisory - Vendor Advisory
References	~~() https://documentation.concretecms.org/9-x/developers/introduction/version-history/925-release-notes -~~	() https://documentation.concretecms.org/9-x/developers/introduction/version-history/925-release-notes - Release Notes, Vendor Advisory
First Time		Concretecms Concretecms concrete Cms

09 Feb 2024, 20:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-02-09 19:15

Updated : 2024-02-28 20:54

NVD link : CVE-2024-1247

Mitre link : CVE-2024-1247

CVE.ORG link : CVE-2024-1247

JSON object : View

Products Affected

concretecms

concrete_cms

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-20

Improper Input Validation

{"id": "CVE-2024-1247", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 4.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 1.7}, {"type": "Secondary", "source": "ff5b8ace-8b95-4078-9743-eac1ca5451de", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 2.0, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 0.5}]}, "published": "2024-02-09T19:15:24.183", "references": [{"url": "https://documentation.concretecms.org/9-x/developers/introduction/version-history/925-release-notes", "tags": ["Release Notes", "Vendor Advisory"], "source": "ff5b8ace-8b95-4078-9743-eac1ca5451de"}, {"url": "https://www.concretecms.org/about/project-news/security/2024-02-04-security-advisory", "tags": ["Vendor Advisory"], "source": "ff5b8ace-8b95-4078-9743-eac1ca5451de"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}, {"type": "Secondary", "source": "ff5b8ace-8b95-4078-9743-eac1ca5451de", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "Concrete CMS version 9 before 9.2.5 is vulnerable to\u00a0\u00a0stored XSS via the Role Name field since there is insufficient validation of administrator provided data for that field.\u00a0A rogue administrator could inject malicious code into the Role Name field which might be executed when users visit the affected page. The Concrete CMS Security team scored this 2 with CVSS v3 vector AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator . Concrete versions below 9 do not include group types so they are not affected by this vulnerability. \n"}, {"lang": "es", "value": "La versi\u00f3n 9 de Concrete CMS anterior a la 9.2.5 es vulnerable al XSS almacenado a trav\u00e9s del campo Role Name, ya que no hay validaci\u00f3n suficiente de los datos proporcionados por el administrador para ese campo. Un administrador deshonesto podr\u00eda inyectar c\u00f3digo malicioso en el campo Role Name que podr\u00eda ejecutarse cuando los usuarios visitan la p\u00e1gina afectada. El equipo de seguridad de Concrete CMS obtuvo este 2 con el vector CVSS v3 vector AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator. Las versiones concretas inferiores a 9 no incluyen tipos de grupos, por lo que no se ven afectados por esta vulnerabilidad."}], "lastModified": "2024-02-15T04:44:09.247", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:concretecms:concrete_cms:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4B4CD16D-4D2C-45DC-ACAC-E107A4909305", "versionEndExcluding": "9.2.5", "versionStartIncluding": "9.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "ff5b8ace-8b95-4078-9743-eac1ca5451de"}