CVE-2024-8291 - Concrete CMS Stored XSS in Image Editor Background Color

1 month ago 18
ARTICLE AD BOX
CVE ID : CVE-2024-8291
Published : Sept. 25, 2024, 1:15 a.m. | 24 minutes ago
Description : Concrete CMS versions 9.0.0 to 9.3.3 and below 8.5.19 are vulnerable to Stored XSS in Image Editor Background Color.  A rogue admin could add malicious code to the Thumbnails/Add-Type. The Concrete CMS Security Team gave this a CVSS v4 score of 2.1 with vector CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N  Thanks,  Alexey Solovyev for reporting.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Read Entire Article