CVE-2023-44760

CVSS 3.1 Score 4.8 of 10 (medium)

Details

Published Oct 23, 2023
Updated: Apr 11, 2024
CWE ID 79

Summary

CVE-2023-44760 is a vulnerability that affects Concrete CMS version 9.2.1 and allows an attacker to execute arbitrary code through crafted scripts in the Header and Footer Tracking Codes of the SEO & Statistics feature. The vendor disputes this vulnerability, stating that only admins can make changes to the header/footer, and allowing JavaScript in this area is an intentional customization feature. The exploitation method does not provide access to a Concrete CMS session as the session cookie is configured as HttpOnly. The vulnerability has a base severity of MEDIUM with a base score of 4.8 according to NVD@NIST.gov, and it requires high privileges and user interaction for exploitation. The impact on integrity and confidentiality is low, with no availability impact.

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-44760 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options