CVE-2024-3178

Summary

CVE-2024-3178 is a Cross-site Scripting (XSS) vulnerability affecting Concrete CMS versions below 9.2.8 and versions below 8.5.16. This issue stems from insufficient validation of administrator-provided data in the Advanced File Search Filter. Malicious code could be added by a rogue administrator, leading to potential exploitation through the File Manager. All administrators have access to the File Manager, increasing the risk. The vulnerability was given a CVSS v3.1 score of 3.1, with an Attack Vector (AV) of Network, Access Complexity (AC) of High, Privileges Required (PR) of High, User Interface (UI) of Remote, Scope (S) of Unchanged, Confidentiality (C) of Low, Integrity (I) of Low, and Availability (A) of Low.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.