How severe is CVE-2024-7512?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.8 out of 10.

What type of vulnerability is CVE-2024-7512?

This is classified as CWE-20, which is a common weakness in software security.

CVE-2024-7512 - MEDIUM Severity | CVSS 4.8

Vulnerability Description

Concrete CMS versions 9.0.0 through 9.3.2 are affected by a stored XSS vulnerability in Board instances. A rogue administrator could inject malicious code. The Concrete CMS security team gave this vulnerability a CVSS 4.0 Score of 4.6 with vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N. Versions below 9 are not affected. Thanks, m3dium for reporting. (CNA updated AC score to L based on CVSS 4.0 documentation)

Related Vulnerabilities

CVE-2010-3359

MEDIUM

CVSS:4.8(Medium)

If LD_LIBRARY_PATH is undefined in gargoyle-free before 2009-08-25, the variable will point to the current directory. This can allow a local user to trick another user into running gargoyle in a direc...

CWE-202010

CVE-2011-4968

MEDIUM

CVSS:4.8(Medium)

nginx http proxy module does not verify peer identity of https origin server which could facilitate man-in-the-middle attack (MITM)

CWE-202011

CVE-2019-12626

MEDIUM

CVSS:4.8(Medium)

A vulnerability in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS)...

CWE-202019

CVE-2019-1875

MEDIUM

CVSS:4.8(Medium)

A vulnerability in the web-based management interface of Cisco Prime Service Catalog could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the ...

CWE-202019

CVE-2020-15201

MEDIUM

CVSS:4.8(Medium)

In Tensorflow before version 2.3.1, the `RaggedCountSparseOutput` implementation does not validate that the input arguments form a valid ragged tensor. In particular, there is no validation that the v...

CWE-202020

CVE-2020-15233

MEDIUM

CVSS:4.8(Medium)

ORY Fosite is a security first OAuth2 & OpenID Connect framework for Go. In Fosite from version 0.30.2 and before version 0.34.1, there is an issue in which an an attacker can override the registered ...

CWE-202020