CVE-2024-3181

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2024-3181
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-3181.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-3181
Aliases
Published
2024-04-03T20:15:07.077Z
Modified
2026-04-10T05:12:31.536613Z
Severity
  • 4.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

Concrete CMS version 9 prior to 9.2.8 and previous versions prior to 8.5.16 are vulnerable to Stored XSS in the Search Field. Prior to the fix, stored XSS could be executed by an administrator changing a filter to which a rogue administrator had previously added malicious code. The Concrete CMS security team gave this vulnerability a CVSS v3.1 score of 3.1 with a vector of AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator . Thanks Alexey Solovyev for reporting

References

Affected packages

Git / github.com/concretecms/concretecms

Affected ranges

Type
GIT
Repo
https://github.com/concretecms/concretecms
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
17020e35940cdec1493c63065af6a2245e00d402
Introduced
b3774abddd475b4ba98b637402506f7a5ebd90ea
Fixed
54cb334ddefcc6d516fc59d5e21404497da27a6d
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "8.5.16"
        },
        {
            "introduced": "9.0.0"
        },
        {
            "fixed": "9.2.8"
        }
    ]
}

Affected versions

5.*
5.7.0
5.7.0.1
5.7.0.3
5.7.0.4
5.7.1
5.7.2
5.7.2.1
5.7.3
5.7.3.1
5.7.4.1
5.7.5.2
5.7.5.5
5.7.5.6
5.7.5.7
8.*
8.1.0
8.2.0
8.2.0RC2
8.2.1
8.3.1
8.4.1
8.5.13
8.5.14
8.5.15
8.5.6
8.5.7
8.5.9
9.*
9.2.2
9.2.3
9.2.4
9.2.5
9.2.6
9.2.7

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-3181.json"