Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

github логотип

GHSA-998c-q8hh-h8gv

Опубликовано: 17 сент. 2024
Источник: github
Github: Прошло ревью
CVSS4: 4.6
CVSS3: 4.8

Описание

Concrete CMS stored XSS vulnerability in the "Top Navigator Bar" block

Concrete CMS versions 9.0.0 through 9.3.3 are affected by a stored XSS vulnerability in the "Top Navigator Bar" block. Since the "Top Navigator Bar" output was not sufficiently sanitized, a rogue administrator could add a malicious payload that could be executed when targeted users visited the home page. This does not affect versions below 9.0.0 since they do not have the Top Navigator Bar Block. Thanks, Chu Quoc Khanh for reporting.

Ссылки

Пакеты

Наименование

concrete5/concrete5

composer
Затронутые версииВерсия исправления

>= 9.0.0, < 9.3.3

9.3.3

EPSS

Процентиль: 46%
0.00229
Низкий

4.6 Medium

CVSS4

4.8 Medium

CVSS3

CVE ID

CVE-2024-8660

Дефекты

CWE-79

Связанные уязвимости

nvd логотип

CVE-2024-8660

CVSS3: 4.8
nvd
больше 1 года назад

Concrete CMS versions 9.0.0 through 9.3.3 are affected by a stored XSS vulnerability in the "Top Navigator Bar" block. Since the "Top Navigator Bar" output was not sufficiently sanitized, a rogue administrator could add a malicious payload that could be executed when targeted users visited the home page.The Concrete CMS Security Team gave this vulnerability a CVSS v4 score of 4.6 with vector CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N . This does not affect versions below 9.0.0 since they do not have the Top Navigator Bar Block. Thanks, Chu Quoc Khanh for reporting.

EPSS

Процентиль: 46%
0.00229
Низкий

4.6 Medium

CVSS4

4.8 Medium

CVSS3

CVE ID

CVE-2024-8660

Дефекты

CWE-79