CVE-2024-1247 - Vulnerability Details - OpenCVE

Concrete CMS version 9 before 9.2.5 is vulnerable to stored XSS via the Role Name field since there is insufficient validation of administrator provided data for that field. A rogue administrator could inject malicious code into the Role Name field which might be executed when users visit the affected page. The Concrete CMS Security team scored this 2 with CVSS v3 vector AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator . Concrete versions below 9 do not include group types so they are not affected by this vulnerability.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Concretecms	Concrete Cms

Configuration 1 [-]

cpe:2.3:a:concretecms:concrete_cms:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://documentation.concretecms.org/9-x/developers/introduction/version-history/925-release-notes
https://www.concretecms.org/about/project-news/security/2024-02-04-security-advisory

History

No history.

MITRE

Status: PUBLISHED

Assigner: ConcreteCMS

Published: 2024-02-09T18:58:24.672Z

Updated: 2024-08-01T18:33:25.343Z

Reserved: 2024-02-06T00:51:01.240Z

Link: CVE-2024-1247

Vulnrichment

Updated: 2024-08-01T18:33:25.343Z

NVD

Status : Modified

Published: 2024-02-09T19:15:24.183

Modified: 2024-11-21T08:50:09.013

Link: CVE-2024-1247

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-1247", "assignerOrgId": "ff5b8ace-8b95-4078-9743-eac1ca5451de", "state": "PUBLISHED", "assignerShortName": "ConcreteCMS", "dateReserved": "2024-02-06T00:51:01.240Z", "datePublished": "2024-02-09T18:58:24.672Z", "dateUpdated": "2024-08-01T18:33:25.343Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Concrete CMS", "repo": "https://github.com/concretecms/concretecms", "vendor": "Concrete CMS", "versions": [{"lessThan": "9.2.5", "status": "affected", "version": "9.0.0", "versionType": "patch"}]}], "credits": [{"lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "cupc4k3"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Concrete CMS <span style=\"background-color: rgb(246, 246, 246);\">version 9 before 9.2.5 is vulnerable to </span> s<span style=\"background-color: rgb(246, 246, 246);\">tored XSS via the Role Name field since there is insufficient validation of administrator provided data for that field. <span style=\"background-color: rgb(246, 246, 246);\">A rogue administrator could inject malicious code into the Role Name field which might be executed when users visit the affected page. The Concrete CMS Security team scored this 2 with CVSS v3 vector </span><a target=\"_blank\" rel=\"nofollow\" href=\"https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N&version=3.1\">AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N</a><span style=\"background-color: rgb(246, 246, 246);\">. Concrete versions below 9 do not include group types so they are not affected by this vulnerability. </span></span><br>"}], "value": "Concrete CMS version 9 before 9.2.5 is vulnerable to\u00a0\u00a0stored XSS via the Role Name field since there is insufficient validation of administrator provided data for that field.\u00a0A rogue administrator could inject malicious code into the Role Name field which might be executed when users visit the affected page. The Concrete CMS Security team scored this 2 with CVSS v3 vector AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator . Concrete versions below 9 do not include group types so they are not affected by this vulnerability. \n"}], "impacts": [{"capecId": "CAPEC-63", "descriptions": [{"lang": "en", "value": "CAPEC-63 Cross-Site Scripting (XSS)"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 2, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "ff5b8ace-8b95-4078-9743-eac1ca5451de", "shortName": "ConcreteCMS", "dateUpdated": "2024-02-09T19:49:26.781Z"}, "references": [{"url": "https://documentation.concretecms.org/9-x/developers/introduction/version-history/925-release-notes"}, {"url": "https://www.concretecms.org/about/project-news/security/2024-02-04-security-advisory"}], "source": {"advisory": "Hackerone 2337519", "discovery": "EXTERNAL"}, "title": "Concrete CMS version 9 before 9.2.5 vulnerable to stored XSS via the Role Name field", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-1247", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-02-12T17:30:29.586336Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-05T17:20:51.875Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T18:33:25.343Z"}, "title": "CVE Program Container", "references": [{"url": "https://documentation.concretecms.org/9-x/developers/introduction/version-history/925-release-notes", "tags": ["x_transferred"]}, {"url": "https://www.concretecms.org/about/project-news/security/2024-02-04-security-advisory", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://documentation.concretecms.org/9-x/developers/introduction/version-history/925-release-notes", "tags": ["x_transferred"]}, {"url": "https://www.concretecms.org/about/project-news/security/2024-02-04-security-advisory", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T18:33:25.343Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-1247", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-02-12T17:30:29.586336Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-05T15:20:37.081Z"}}], "cna": {"title": "Concrete CMS version 9 before 9.2.5 vulnerable to stored XSS via the Role Name field", "source": {"advisory": "Hackerone 2337519", "discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "cupc4k3"}], "impacts": [{"capecId": "CAPEC-63", "descriptions": [{"lang": "en", "value": "CAPEC-63 Cross-Site Scripting (XSS)"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 2, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"repo": "https://github.com/concretecms/concretecms", "vendor": "Concrete CMS", "product": "Concrete CMS", "versions": [{"status": "affected", "version": "9.0.0", "lessThan": "9.2.5", "versionType": "patch"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://documentation.concretecms.org/9-x/developers/introduction/version-history/925-release-notes"}, {"url": "https://www.concretecms.org/about/project-news/security/2024-02-04-security-advisory"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Concrete CMS version 9 before 9.2.5 is vulnerable to\u00a0\u00a0stored XSS via the Role Name field since there is insufficient validation of administrator provided data for that field.\u00a0A rogue administrator could inject malicious code into the Role Name field which might be executed when users visit the affected page. The Concrete CMS Security team scored this 2 with CVSS v3 vector AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator . Concrete versions below 9 do not include group types so they are not affected by this vulnerability. \n", "supportingMedia": [{"type": "text/html", "value": "Concrete CMS <span style=\"background-color: rgb(246, 246, 246);\">version 9 before 9.2.5 is vulnerable to </span> s<span style=\"background-color: rgb(246, 246, 246);\">tored XSS via the Role Name field since there is insufficient validation of administrator provided data for that field. <span style=\"background-color: rgb(246, 246, 246);\">A rogue administrator could inject malicious code into the Role Name field which might be executed when users visit the affected page. The Concrete CMS Security team scored this 2 with CVSS v3 vector </span><a target=\"_blank\" rel=\"nofollow\" href=\"https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N&version=3.1\">AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N</a><span style=\"background-color: rgb(246, 246, 246);\">. Concrete versions below 9 do not include group types so they are not affected by this vulnerability. </span></span><br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation"}]}], "providerMetadata": {"orgId": "ff5b8ace-8b95-4078-9743-eac1ca5451de", "shortName": "ConcreteCMS", "dateUpdated": "2024-02-09T19:49:26.781Z"}}}, "cveMetadata": {"cveId": "CVE-2024-1247", "state": "PUBLISHED", "dateUpdated": "2024-08-01T18:33:25.343Z", "dateReserved": "2024-02-06T00:51:01.240Z", "assignerOrgId": "ff5b8ace-8b95-4078-9743-eac1ca5451de", "datePublished": "2024-02-09T18:58:24.672Z", "assignerShortName": "ConcreteCMS"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:concretecms:concrete_cms:*:*:*:*:*:*:*:*", "matchCriteriaId": "4B4CD16D-4D2C-45DC-ACAC-E107A4909305", "versionEndExcluding": "9.2.5", "versionStartIncluding": "9.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Concrete CMS version 9 before 9.2.5 is vulnerable to\u00a0\u00a0stored XSS via the Role Name field since there is insufficient validation of administrator provided data for that field.\u00a0A rogue administrator could inject malicious code into the Role Name field which might be executed when users visit the affected page. The Concrete CMS Security team scored this 2 with CVSS v3 vector AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator . Concrete versions below 9 do not include group types so they are not affected by this vulnerability. \n"}, {"lang": "es", "value": "La versi\u00f3n 9 de Concrete CMS anterior a la 9.2.5 es vulnerable al XSS almacenado a trav\u00e9s del campo Role Name, ya que no hay validaci\u00f3n suficiente de los datos proporcionados por el administrador para ese campo. Un administrador deshonesto podr\u00eda inyectar c\u00f3digo malicioso en el campo Role Name que podr\u00eda ejecutarse cuando los usuarios visitan la p\u00e1gina afectada. El equipo de seguridad de Concrete CMS obtuvo este 2 con el vector CVSS v3 vector AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator. Las versiones concretas inferiores a 9 no incluyen tipos de grupos, por lo que no se ven afectados por esta vulnerabilidad."}], "id": "CVE-2024-1247", "lastModified": "2024-11-21T08:50:09.013", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 2.0, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 0.5, "impactScore": 1.4, "source": "ff5b8ace-8b95-4078-9743-eac1ca5451de", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.7, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-02-09T19:15:24.183", "references": [{"source": "ff5b8ace-8b95-4078-9743-eac1ca5451de", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://documentation.concretecms.org/9-x/developers/introduction/version-history/925-release-notes"}, {"source": "ff5b8ace-8b95-4078-9743-eac1ca5451de", "tags": ["Vendor Advisory"], "url": "https://www.concretecms.org/about/project-news/security/2024-02-04-security-advisory"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://documentation.concretecms.org/9-x/developers/introduction/version-history/925-release-notes"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.concretecms.org/about/project-news/security/2024-02-04-security-advisory"}], "sourceIdentifier": "ff5b8ace-8b95-4078-9743-eac1ca5451de", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "ff5b8ace-8b95-4078-9743-eac1ca5451de", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}