How severe is CVE-2024-8291?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.8 out of 10.

What type of vulnerability is CVE-2024-8291?

This is classified as CWE-22, which is a common weakness in software security.

CVE-2024-8291

MEDIUM Year: 2024

CVSS v3 Score

4.8

Medium

Weakness Type

CWE-22

View all →

Vulnerability Description

Concrete CMS versions 9.0.0 to 9.3.3 and below 8.5.19 are vulnerable to Stored XSS in Image Editor Background Color. A rogue admin could add malicious code to the Thumbnails/Add-Type. The Concrete CMS Security Team gave this a CVSS v4 score of 5.1 with vector https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N. Thanks, Alexey Solovyev for reporting. (CNA updated this risk rank on 17 Jan 2025 by lowering the AC based on CVSS 4.0 documentation that access privileges should not be considered for AC).

CVE-2015-9546

MEDIUM

CVSS:4.8(Medium)

An issue was discovered on Samsung mobile devices with KK(4.4) and later software through 2015-06-16. In some cases, HTTP is used for an Inputmethod, rather than HTTPS. A man-in-the-middle attacker ca...

CWE-222015

CVE-2020-4240

MEDIUM

CVSS:4.8(Medium)

IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request to overwrite or create arbit...

CWE-222020

CVE-2022-20725

MEDIUM

CVSS:4.8(Medium)

Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, ex...

CWE-222022

CVE-2022-24851

MEDIUM

CVSS:4.8(Medium)

LDAP Account Manager (LAM) is an open source web frontend for managing entries stored in an LDAP directory. The profile editor tool has an edit profile functionality, the parameters on this page are n...

CWE-222022

CVE-2024-24569

MEDIUM

CVSS:4.8(Medium)

The Pixee Java Code Security Toolkit is a set of security APIs meant to help secure Java code. `ZipSecurity#isBelowCurrentDirectory` is vulnerable to a partial-path traversal bypass. To be vulnerable ...

CWE-222024

CVE-2017-10273

MEDIUM

CVSS:4.7(Medium)

Vulnerability in the Oracle JDeveloper component of Oracle Fusion Middleware (subcomponent: Deployment). Supported versions that are affected are 11.1.1.7.0, 11.1.1.7.1, 11.1.1.9.0, 11.1.2.4.0, 12.1.3...

CWE-222017

CVE-2024-8291

Vulnerability Description

Related Vulnerabilities

CVE-2015-9546

CVE-2020-4240

CVE-2022-20725

CVE-2022-24851

CVE-2024-24569

CVE-2017-10273