CVE-2024-1247
CVSS 3.1 Score 4.8 of 10 (medium)
Details
Summary
CVE-2024-1247 is a stored XSS vulnerability affecting Concrete CMS version 9 before 9.2.5. Malicious code can be injected into the Role Name field due to insufficient validation of administrator-provided data, posing a high risk for users who visit affected pages. The vulnerability's CVSS v3 base score is 2, with the vector Attack Vector: Non-Local / Attack Complexity: High / Privileges Required: High / User Interaction: Required / Scope: Unchanged / Confidentiality: Low / Integrity: Low / Availability: None. The Concrete CMS Security team advises users to upgrade to version 9.2.5 or newer to mitigate this risk. Versions below 9 are not affected because they do not include group types.
Affected Products
- Concretecms Concrete Cms