CVE-2024-7394 | Concrete CMS up to 8.5.17/9.3.2 getAttributeSetName cross site scripting

Inserito da Angelo Barbosa | Ago 8, 2024 | CVE

A vulnerability has been found in Concrete CMS up to 8.5.17/9.3.2 and classified as problematic. This vulnerability affects the function getAttributeSetName. The manipulation leads to cross site scripting.

This vulnerability was named CVE-2024-7394. The attack can be initiated remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2024-7394 | Concrete CMS up to 8.5.17/9.3.2 getAttributeSetName cross site scripting

Post correlati

CVE-2024-30583 | Tenda FH1202 1.2.0.14(408) /goform/addressNat fromAddressNat mitInterface stack-based overflow

CVE-2024-21908 | TinyMCE up to 5.8.x Editor cross site scripting

CVE-2024-34831 | Gibbon Core 26.0.00 library_manage_catalog_editProcess.php imageLink cross site scripting

CVE-2024-35518 | Netgear EX6120 1.0.0.68/2.cgi genie_fix2.cgi wan_dns1_pri command injection