CVE-2024-3179
CVSS 3.1 Score 4.8 of 10 (medium)
Details
Summary
CVE-2024-3179 is a stored Cross-Site Scripting (XSS) vulnerability affecting Concrete CMS version 9 before 9.2.8 and previous versions before 8.5.16. Because of insufficient data validation, an unauthorized administrator could exploit this flaw by injecting malicious code into the custom class field. The security risk associated with this vulnerability is classified as low (CVSS v3.1 score: 3.1): the attack vector is network (AV:N), high privileges are required to exploit it (PR:H), and user interaction is required (UI:R). Scope is unchanged (S:U), and the impact on confidentiality, integrity and availability is low (C:L/I:L/A:L). Thanks to Alexey Solovyev for reporting.
Affected Products
- Concretecms Concrete Cms
Affected Vendors
- Concrete CMS