How severe is CVE-2024-1246?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.8 out of 10.

What type of vulnerability is CVE-2024-1246?

This is classified as CWE-20, which is a common weakness in software security.

CVE-2024-1246 - MEDIUM Severity | CVSS 4.8

Vulnerability Description

Concrete CMS in version 9 before 9.2.5 is vulnerable to reflected XSS via the Image URL Import Feature due to insufficient validation of administrator provided data. A rogue administrator could inject malicious code when importing images, leading to the execution of the malicious code on the website user’s browser. The Concrete CMS Security team scored this 2 with CVSS v3 vector AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N. This does not affect Concrete versions prior to version 9.

Related Vulnerabilities

CVE-2010-3359

MEDIUM

CVSS:4.8(Medium)

If LD_LIBRARY_PATH is undefined in gargoyle-free before 2009-08-25, the variable will point to the current directory. This can allow a local user to trick another user into running gargoyle in a direc...

CWE-202010

CVE-2011-4968

MEDIUM

CVSS:4.8(Medium)

nginx http proxy module does not verify peer identity of https origin server which could facilitate man-in-the-middle attack (MITM)

CWE-202011

CVE-2019-12626

MEDIUM

CVSS:4.8(Medium)

A vulnerability in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS)...

CWE-202019

CVE-2019-1875

MEDIUM

CVSS:4.8(Medium)

A vulnerability in the web-based management interface of Cisco Prime Service Catalog could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the ...

CWE-202019

CVE-2020-15201

MEDIUM

CVSS:4.8(Medium)

In Tensorflow before version 2.3.1, the `RaggedCountSparseOutput` implementation does not validate that the input arguments form a valid ragged tensor. In particular, there is no validation that the v...

CWE-202020

CVE-2020-15233

MEDIUM

CVSS:4.8(Medium)

ORY Fosite is a security first OAuth2 & OpenID Connect framework for Go. In Fosite from version 0.30.2 and before version 0.34.1, there is an issue in which an an attacker can override the registered ...

CWE-202020