CVE-2024-1246 - Vulnerability Details - OpenCVE

Concrete CMS in version 9 before 9.2.5 is vulnerable to reflected XSS via the Image URL Import Feature due to insufficient validation of administrator provided data. A rogue administrator could inject malicious code when importing images, leading to the execution of the malicious code on the website user’s browser. The Concrete CMS Security team scored this 2 with CVSS v3 vector AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N. This does not affect Concrete versions prior to version 9.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required High

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Concretecms	Concrete Cms

Configuration 1 [-]

cpe:2.3:a:concretecms:concrete_cms:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://documentation.concretecms.org/9-x/developers/introduction/version-history/925-release-notes
https://www.concretecms.org/about/project-news/security/2024-02-04-security-advisory

History

No history.

MITRE

Status: PUBLISHED

Assigner: ConcreteCMS

Published: 2024-02-09T19:33:26.054Z

Updated: 2024-08-01T18:33:25.494Z

Reserved: 2024-02-06T00:50:59.480Z

Link: CVE-2024-1246

Vulnrichment

Updated: 2024-08-01T18:33:25.494Z

NVD

Status : Modified

Published: 2024-02-09T20:15:54.573

Modified: 2024-11-21T08:50:08.877

Link: CVE-2024-1246

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-1246", "assignerOrgId": "ff5b8ace-8b95-4078-9743-eac1ca5451de", "state": "PUBLISHED", "assignerShortName": "ConcreteCMS", "dateReserved": "2024-02-06T00:50:59.480Z", "datePublished": "2024-02-09T19:33:26.054Z", "dateUpdated": "2024-08-01T18:33:25.494Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Concrete CMS ", "repo": "https://github.com/concretecms/concretecms", "vendor": "Concrete CMS ", "versions": [{"lessThan": "9.2.5", "status": "affected", "version": "9.0.0", "versionType": "patch"}]}], "credits": [{"lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "cupc4k3"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<b></b><b></b><b></b><span style=\"background-color: transparent;\">Concrete CMS in version 9 before 9.2.5 is vulnerable to reflected XSS via the Image URL Import Feature due to insufficient validation of administrator provided data. A rogue administrator could inject malicious code when importing images, </span><span style=\"background-color: transparent;\">le</span><span style=\"background-color: transparent;\">ading to the execution of the malicious code on the website user\u2019s browser. The Concrete CMS Security team scored this 2 with CVSS v3 vector</span> <span style=\"background-color: transparent;\">AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N</span><span style=\"background-color: transparent;\">. This does not affect Concrete versions prior to version 9.</span><br>"}], "value": "Concrete CMS in version 9 before 9.2.5 is vulnerable to reflected XSS via the Image URL Import Feature due to insufficient validation of administrator provided data. A rogue administrator could inject malicious code when importing images, leading to the execution of the malicious code on the website user\u2019s browser. The Concrete CMS Security team scored this 2 with CVSS v3 vector AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N. This does not affect Concrete versions prior to version 9.\n"}], "impacts": [{"capecId": "CAPEC-63", "descriptions": [{"lang": "en", "value": "CAPEC-63 Cross-Site Scripting (XSS)"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 2, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "ff5b8ace-8b95-4078-9743-eac1ca5451de", "shortName": "ConcreteCMS", "dateUpdated": "2024-02-09T21:54:30.346Z"}, "references": [{"url": "https://documentation.concretecms.org/9-x/developers/introduction/version-history/925-release-notes"}, {"url": "https://www.concretecms.org/about/project-news/security/2024-02-04-security-advisory"}], "source": {"advisory": "Hackerone 2337524", "discovery": "EXTERNAL"}, "title": "Concrete CMS\u00a0in version 9 before 9.2.5\u00a0is vulnerable to reflected XSS via the Image URL Import Feature", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-1246", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-02-13T15:14:59.442762Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-05T17:20:53.237Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T18:33:25.494Z"}, "title": "CVE Program Container", "references": [{"url": "https://documentation.concretecms.org/9-x/developers/introduction/version-history/925-release-notes", "tags": ["x_transferred"]}, {"url": "https://www.concretecms.org/about/project-news/security/2024-02-04-security-advisory", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://documentation.concretecms.org/9-x/developers/introduction/version-history/925-release-notes", "tags": ["x_transferred"]}, {"url": "https://www.concretecms.org/about/project-news/security/2024-02-04-security-advisory", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T18:33:25.494Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-1246", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-02-13T15:14:59.442762Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-05T15:20:37.154Z"}}], "cna": {"title": "Concrete CMS\u00a0in version 9 before 9.2.5\u00a0is vulnerable to reflected XSS via the Image URL Import Feature", "source": {"advisory": "Hackerone 2337524", "discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "cupc4k3"}], "impacts": [{"capecId": "CAPEC-63", "descriptions": [{"lang": "en", "value": "CAPEC-63 Cross-Site Scripting (XSS)"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 2, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"repo": "https://github.com/concretecms/concretecms", "vendor": "Concrete CMS ", "product": "Concrete CMS ", "versions": [{"status": "affected", "version": "9.0.0", "lessThan": "9.2.5", "versionType": "patch"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://documentation.concretecms.org/9-x/developers/introduction/version-history/925-release-notes"}, {"url": "https://www.concretecms.org/about/project-news/security/2024-02-04-security-advisory"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Concrete CMS in version 9 before 9.2.5 is vulnerable to reflected XSS via the Image URL Import Feature due to insufficient validation of administrator provided data. A rogue administrator could inject malicious code when importing images, leading to the execution of the malicious code on the website user\u2019s browser. The Concrete CMS Security team scored this 2 with CVSS v3 vector AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N. This does not affect Concrete versions prior to version 9.\n", "supportingMedia": [{"type": "text/html", "value": "<b></b><b></b><b></b><span style=\"background-color: transparent;\">Concrete CMS in version 9 before 9.2.5 is vulnerable to reflected XSS via the Image URL Import Feature due to insufficient validation of administrator provided data. A rogue administrator could inject malicious code when importing images, </span><span style=\"background-color: transparent;\">le</span><span style=\"background-color: transparent;\">ading to the execution of the malicious code on the website user\u2019s browser. The Concrete CMS Security team scored this 2 with CVSS v3 vector</span> <span style=\"background-color: transparent;\">AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N</span><span style=\"background-color: transparent;\">. This does not affect Concrete versions prior to version 9.</span><br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation"}]}], "providerMetadata": {"orgId": "ff5b8ace-8b95-4078-9743-eac1ca5451de", "shortName": "ConcreteCMS", "dateUpdated": "2024-02-09T21:54:30.346Z"}}}, "cveMetadata": {"cveId": "CVE-2024-1246", "state": "PUBLISHED", "dateUpdated": "2024-08-01T18:33:25.494Z", "dateReserved": "2024-02-06T00:50:59.480Z", "assignerOrgId": "ff5b8ace-8b95-4078-9743-eac1ca5451de", "datePublished": "2024-02-09T19:33:26.054Z", "assignerShortName": "ConcreteCMS"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:concretecms:concrete_cms:*:*:*:*:*:*:*:*", "matchCriteriaId": "4B4CD16D-4D2C-45DC-ACAC-E107A4909305", "versionEndExcluding": "9.2.5", "versionStartIncluding": "9.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Concrete CMS in version 9 before 9.2.5 is vulnerable to reflected XSS via the Image URL Import Feature due to insufficient validation of administrator provided data. A rogue administrator could inject malicious code when importing images, leading to the execution of the malicious code on the website user\u2019s browser. The Concrete CMS Security team scored this 2 with CVSS v3 vector AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N. This does not affect Concrete versions prior to version 9.\n"}, {"lang": "es", "value": "Concrete CMS en la versi\u00f3n 9 anterior a la 9.2.5 es vulnerable al XSS reflejado a trav\u00e9s de la funci\u00f3n de importaci\u00f3n de URL de imagen debido a una validaci\u00f3n insuficiente de los datos proporcionados por el administrador. Un administrador deshonesto podr\u00eda inyectar c\u00f3digo malicioso al importar im\u00e1genes, lo que provocar\u00eda la ejecuci\u00f3n del c\u00f3digo malicioso en el navegador del usuario del sitio web. El equipo de seguridad de Concrete CMS obtuvo este 2 con el vector CVSS v3 AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N. Esto no afecta a las versiones de Concrete anteriores a la versi\u00f3n 9."}], "id": "CVE-2024-1246", "lastModified": "2024-11-21T08:50:08.877", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 2.0, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 0.5, "impactScore": 1.4, "source": "ff5b8ace-8b95-4078-9743-eac1ca5451de", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.7, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-02-09T20:15:54.573", "references": [{"source": "ff5b8ace-8b95-4078-9743-eac1ca5451de", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://documentation.concretecms.org/9-x/developers/introduction/version-history/925-release-notes"}, {"source": "ff5b8ace-8b95-4078-9743-eac1ca5451de", "tags": ["Vendor Advisory"], "url": "https://www.concretecms.org/about/project-news/security/2024-02-04-security-advisory"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://documentation.concretecms.org/9-x/developers/introduction/version-history/925-release-notes"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.concretecms.org/about/project-news/security/2024-02-04-security-advisory"}], "sourceIdentifier": "ff5b8ace-8b95-4078-9743-eac1ca5451de", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "ff5b8ace-8b95-4078-9743-eac1ca5451de", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}