CVE-2024-7394 | Concrete CMS up to 8.5.17/9.3.2 getAttributeSetName cross site scripting

Inserito da Angelo Barbosa | Ago 8, 2024 | CVE

A vulnerability has been found in Concrete CMS up to 8.5.17/9.3.2 and classified as problematic. This vulnerability affects the function getAttributeSetName. The manipulation leads to cross site scripting.

This vulnerability was named CVE-2024-7394. The attack can be initiated remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2024-7394 | Concrete CMS up to 8.5.17/9.3.2 getAttributeSetName cross site scripting

Post correlati

CVE-2024-1831 | SourceCodester Complete File Management System 1.0 Login Form users/index.php username sql injection

CVE-2020-27478 | Simplcommerce up to 3103357200c70b4767986544e01b19dbf11505a7 Search Bar cross site scripting

CVE-2024-25942 | Dell PowerEdge Platform prior 1.19.0/2.14.0/2.19.0 SMM Communication input validation (dsa-2024-104)

CVE-2024-1986 | Elite Booster for WooCommerce Plugin up to 7.1.7 on WordPress unrestricted upload