CVE-2024-7512 — MEDIUM (4.8)

Q: How severe is CVE-2024-7512?

CVE-2024-7512 has been rated MEDIUM with a CVSS base score of 4.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2024-7512?

Check the references section above for vendor advisories and patch information. Affected products include: Concretecms Concrete Cms.

Vulnerability Description

Concrete CMS versions 9.0.0 through 9.3.2 are affected by a stored XSS vulnerability in Board instances. A rogue administrator could inject malicious code. The Concrete CMS security team gave this vulnerability a CVSS 4.0 Score of 4.6 with vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N. Versions below 9 are not affected. Thanks, m3dium for reporting. (CNA updated AC score to L based on CVSS 4.0 documentation)

CVSS Score

4.8

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Concretecms	Concrete Cms	>= 9.0.0, < 9.3.3

Related Weaknesses (CWE)

CWE-20 CWE-79

References

https://documentation.concretecms.org/9-x/developers/introduction/version-historRelease NotesVendor Advisory
https://hackerone.com/reports/2486344Permissions Required

FAQ

What is CVE-2024-7512?

CVE-2024-7512 is a vulnerability with a CVSS score of 4.8 (MEDIUM). Concrete CMS versions 9.0.0 through 9.3.2 are affected by a stored XSS vulnerability in Board instances. A rogue administrator could inject malicious code. The Concrete CMS security team gave this vul...

How severe is CVE-2024-7512?

CVE-2024-7512 has been rated MEDIUM with a CVSS base score of 4.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-7512?

Check the references section above for vendor advisories and patch information. Affected products include: Concretecms Concrete Cms.