CVE-2024-2753

CVSS 3.1 Score 4.8 of 10 (medium)

Details

Published Apr 3, 2024
Updated: Dec 16, 2024
CWE ID 79

Summary

CVE-2024-2753 is a stored Cross-Site Scripting (XSS) vulnerability affecting Concrete CMS versions 9 before 9.2.8 and prior versions up to 8.5.15. This issue occurs due to unescaped user input on the calendar color settings screen. Malicious JavaScript code injected by a rogue administrator could be executed when users visit the affected page. The vulnerability was assigned a CVSS v3.1 score of 2.0 with a high impact on the attack vector and user interaction, but low impact on the attack complexity, privilege required, and confidentiality and integrity of the system. Users are advised to update their Concrete CMS installations to the latest version to mitigate this risk.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

  • Concretecms Concrete Cms

Affected Vendors

  • Concrete CMS