GHSA-4m7h-34xm-4wjv
Suggest an improvement- Source
- https://github.com/advisories/GHSA-4m7h-34xm-4wjv
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/03/GHSA-4m7h-34xm-4wjv/GHSA-4m7h-34xm-4wjv.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-4m7h-34xm-4wjv
- Aliases
-
- CVE-2024-2179
- Published
- 2024-03-05T21:30:25Z
- Modified
- 2024-09-03T20:20:39.615706Z
- Severity
-
- 2.2 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
- Summary
- Concrete CMS Stored Cross-site Scripting vulnerability
- Details
-
Concrete CMS version 9 before 9.2.7 is vulnerable to Stored XSS via the Name field of a Group type since there is insufficient validation of administrator provided data for that field. A rogue administrator could inject malicious code into the Name field which might be executed when users visit the affected page. The Concrete CMS security team gave this vulnerability a CVSS v3.1 score of 2.2 with a vector of AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N Concrete versions below 9 do not include group types so they are not affected by this vulnerability. Thanks Luca Fuda for reporting.
- Database specific
{ "nvd_published_at": "2024-03-05T21:15:09Z", "cwe_ids": [ "CWE-20", "CWE-79" ], "severity": "LOW", "github_reviewed": true, "github_reviewed_at": "2024-03-06T17:05:06Z" }- References
Affected packages
Packagist / concrete5/concrete5
Package
- Name
- concrete5/concrete5
- Purl
- pkg:composer/concrete5/concrete5
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed9.2.7
Affected versions
8.*
8.0
8.0.1
8.0.2
8.0.3
8.1.0
8.2.0RC2
8.2.0
8.2.1
8.3.0
8.3.1
8.3.2
8.4.0RC3
8.4.0RC4
8.4.0
8.4.1
8.4.2
8.4.3
8.4.4
8.4.5
8.5.0RC1
8.5.0RC2
8.5.0
8.5.1
8.5.2
8.5.3
8.5.4
8.5.5
8.5.6RC1
8.5.6
8.5.7
8.5.8
8.5.9
8.5.10
8.5.11
8.5.12
8.5.13
8.5.14
8.5.15
8.5.16
8.5.17
8.5.18
9.*
9.0.0RC1
9.0.0RC3
9.0.0RC4
9.0.0
9.0.1
9.0.2
9.1.0
9.1.1
9.1.2
9.1.3
9.2.0RC2
9.2.0
9.2.1
9.2.2
9.2.3
9.2.4
9.2.5
9.2.6