CVE-2024-3181

Summary

CVE-2024-3181 is a stored Cross-Site Scripting (XSS) vulnerability affecting Concrete CMS versions 9 prior to 9.2.8 and previous versions prior to 8.5.16. An administrator could exploit this flaw by modifying a filter, which had been previously manipulated by a malicious actor, to inject malicious code. This attack could lead to the execution of harmful scripts in users' browsers. The vulnerability was given a CVSS v3.1 score of 3.1 with a high impact on the attacker's privileges (AV:N/AC:H), the attack vector being through the user interface (UI:R), and the impact on the confidentiality (C:L) and integrity (I:L) of the affected system. (Source: NVD)

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.