Vulnerability-Lookup

CVE-2022-30120 (GCVE-0-2022-30120)

Vulnerability from cvelistv5 – Published: 2022-06-24 15:00 – Updated: 2024-08-03 06:40

Summary

XSS in /dashboard/blocks/stacks/view_details/ - old browsers only. When using an older browser with built-in XSS protection disabled, insufficient sanitation where built urls are outputted can be exploited for Concrete 8.5.7 and below as well as Concrete 9.0 through 9.0.2 to allow XSS. This cannot be exploited in modern-day web browsers due to an automatic input escape mechanism. Concrete CMS Security team ranked this vulnerability 3.1with CVSS v3.1 Vector AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N. Sanitation has been added where built urls are output. Credit to Credit to Bogdan Tiron from FORTBRIDGE (https://www.fortbridge.co.uk/ ) for reporting

Severity ?

No CVSS data available.

CWE

CWE-79 - Cross-site Scripting (XSS) - Reflected (CWE-79)

Assigner

hackerone

References

URL

Tags

	https://documentation.concretecms.org/developers/…	x_refsource_MISC
	https://documentation.concretecms.org/developers/…	x_refsource_MISC
	https://hackerone.com/reports/1363598	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	https://github.com/concrete5/concrete5	Affected: Remediated in Concrete CMS 8.5.8 and 9.1.0. Affected Versions are Concrete 8.5.7 and below as well as Concrete 9.0 through 9.0.2

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T06:40:47.792Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://documentation.concretecms.org/developers/introduction/version-history/910-release-notes"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://documentation.concretecms.org/developers/introduction/version-history/858-release-notes"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://hackerone.com/reports/1363598"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "https://github.com/concrete5/concrete5",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Remediated in Concrete CMS 8.5.8 and 9.1.0.    Affected Versions are Concrete 8.5.7 and below as well as Concrete 9.0 through 9.0.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "XSS in /dashboard/blocks/stacks/view_details/ - old browsers only. When using an older browser with built-in XSS protection disabled, insufficient sanitation where built urls are outputted can be exploited for Concrete 8.5.7 and below as well as Concrete 9.0 through 9.0.2 to allow XSS. This cannot be exploited in modern-day web browsers due to an automatic input escape mechanism. Concrete CMS Security team ranked this vulnerability 3.1with CVSS v3.1 Vector AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N. Sanitation has been added where built urls are output. Credit to Credit to Bogdan Tiron from FORTBRIDGE (https://www.fortbridge.co.uk/ ) for reporting"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "Cross-site Scripting (XSS) - Reflected (CWE-79)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-06-24T15:00:06.000Z",
        "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "shortName": "hackerone"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://documentation.concretecms.org/developers/introduction/version-history/910-release-notes"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://documentation.concretecms.org/developers/introduction/version-history/858-release-notes"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://hackerone.com/reports/1363598"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "support@hackerone.com",
          "ID": "CVE-2022-30120",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "https://github.com/concrete5/concrete5",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Remediated in Concrete CMS 8.5.8 and 9.1.0.    Affected Versions are Concrete 8.5.7 and below as well as Concrete 9.0 through 9.0.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "XSS in /dashboard/blocks/stacks/view_details/ - old browsers only. When using an older browser with built-in XSS protection disabled, insufficient sanitation where built urls are outputted can be exploited for Concrete 8.5.7 and below as well as Concrete 9.0 through 9.0.2 to allow XSS. This cannot be exploited in modern-day web browsers due to an automatic input escape mechanism. Concrete CMS Security team ranked this vulnerability 3.1with CVSS v3.1 Vector AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N. Sanitation has been added where built urls are output. Credit to Credit to Bogdan Tiron from FORTBRIDGE (https://www.fortbridge.co.uk/ ) for reporting"
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-site Scripting (XSS) - Reflected (CWE-79)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://documentation.concretecms.org/developers/introduction/version-history/910-release-notes",
              "refsource": "MISC",
              "url": "https://documentation.concretecms.org/developers/introduction/version-history/910-release-notes"
            },
            {
              "name": "https://documentation.concretecms.org/developers/introduction/version-history/858-release-notes",
              "refsource": "MISC",
              "url": "https://documentation.concretecms.org/developers/introduction/version-history/858-release-notes"
            },
            {
              "name": "https://hackerone.com/reports/1363598",
              "refsource": "MISC",
              "url": "https://hackerone.com/reports/1363598"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
    "assignerShortName": "hackerone",
    "cveId": "CVE-2022-30120",
    "datePublished": "2022-06-24T15:00:06.000Z",
    "dateReserved": "2022-05-02T00:00:00.000Z",
    "dateUpdated": "2024-08-03T06:40:47.792Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2022-30120",
      "date": "2026-05-09",
      "epss": "0.00632",
      "percentile": "0.70474"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:concretecms:concrete_cms:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"8.5.8\", \"matchCriteriaId\": \"D821B974-A48F-4925-B849-55AC51A0BE0A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:concretecms:concrete_cms:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"9.0.0\", \"versionEndExcluding\": \"9.1.0\", \"matchCriteriaId\": \"E6E5829D-AFD1-4C1B-9E53-400D09956577\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"XSS in /dashboard/blocks/stacks/view_details/ - old browsers only. When using an older browser with built-in XSS protection disabled, insufficient sanitation where built urls are outputted can be exploited for Concrete 8.5.7 and below as well as Concrete 9.0 through 9.0.2 to allow XSS. This cannot be exploited in modern-day web browsers due to an automatic input escape mechanism. Concrete CMS Security team ranked this vulnerability 3.1with CVSS v3.1 Vector AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N. Sanitation has been added where built urls are output. Credit to Credit to Bogdan Tiron from FORTBRIDGE (https://www.fortbridge.co.uk/ ) for reporting\"}, {\"lang\": \"es\", \"value\": \"Una vulnerabilidad de tipo XSS en /dashboard/blocks/stacks/view_details/ - s\\u00f3lo para navegadores antiguos. Cuando es usado un navegador antiguo con la protecci\\u00f3n de tipo XSS incorporada deshabilitada, un saneo insuficiente en la salida de las urls construidas puede ser explotado para Concrete versiones 8.5.7 y anteriores, as\\u00ed como Concrete versiones 9.0 hasta 9.0.2 para permitir un ataque de tipo XSS. Esto no puede ser explotado en los navegadores web actuales debido a un mecanismo de escape de entrada autom\\u00e1tico. El equipo de seguridad de Concrete CMS clasific\\u00f3 esta vulnerabilidad como 3.1 con el vector CVSS v3.1 AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N. ha sido a\\u00f1adido el saneo en la salida de las urls construidas. Cr\\u00e9dito a Bogdan Tiron de FORTBRIDGE (https://www.fortbridge.co.uk/ ) por reportar\"}]",
      "id": "CVE-2022-30120",
      "lastModified": "2024-11-21T07:02:11.960",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\", \"baseScore\": 6.1, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 2.7}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:P/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2022-06-24T15:15:11.010",
      "references": "[{\"url\": \"https://documentation.concretecms.org/developers/introduction/version-history/858-release-notes\", \"source\": \"support@hackerone.com\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"https://documentation.concretecms.org/developers/introduction/version-history/910-release-notes\", \"source\": \"support@hackerone.com\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"https://hackerone.com/reports/1363598\", \"source\": \"support@hackerone.com\", \"tags\": [\"Permissions Required\", \"Third Party Advisory\"]}, {\"url\": \"https://documentation.concretecms.org/developers/introduction/version-history/858-release-notes\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"https://documentation.concretecms.org/developers/introduction/version-history/910-release-notes\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"https://hackerone.com/reports/1363598\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Permissions Required\", \"Third Party Advisory\"]}]",
      "sourceIdentifier": "support@hackerone.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"support@hackerone.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-79\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-79\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-30120\",\"sourceIdentifier\":\"support@hackerone.com\",\"published\":\"2022-06-24T15:15:11.010\",\"lastModified\":\"2024-11-21T07:02:11.960\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"XSS in /dashboard/blocks/stacks/view_details/ - old browsers only. When using an older browser with built-in XSS protection disabled, insufficient sanitation where built urls are outputted can be exploited for Concrete 8.5.7 and below as well as Concrete 9.0 through 9.0.2 to allow XSS. This cannot be exploited in modern-day web browsers due to an automatic input escape mechanism. Concrete CMS Security team ranked this vulnerability 3.1with CVSS v3.1 Vector AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N. Sanitation has been added where built urls are output. Credit to Credit to Bogdan Tiron from FORTBRIDGE (https://www.fortbridge.co.uk/ ) for reporting\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad de tipo XSS en /dashboard/blocks/stacks/view_details/ - s\u00f3lo para navegadores antiguos. Cuando es usado un navegador antiguo con la protecci\u00f3n de tipo XSS incorporada deshabilitada, un saneo insuficiente en la salida de las urls construidas puede ser explotado para Concrete versiones 8.5.7 y anteriores, as\u00ed como Concrete versiones 9.0 hasta 9.0.2 para permitir un ataque de tipo XSS. Esto no puede ser explotado en los navegadores web actuales debido a un mecanismo de escape de entrada autom\u00e1tico. El equipo de seguridad de Concrete CMS clasific\u00f3 esta vulnerabilidad como 3.1 con el vector CVSS v3.1 AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N. ha sido a\u00f1adido el saneo en la salida de las urls construidas. Cr\u00e9dito a Bogdan Tiron de FORTBRIDGE (https://www.fortbridge.co.uk/ ) por reportar\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":6.1,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":2.7}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"support@hackerone.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:concretecms:concrete_cms:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"8.5.8\",\"matchCriteriaId\":\"D821B974-A48F-4925-B849-55AC51A0BE0A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:concretecms:concrete_cms:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"9.0.0\",\"versionEndExcluding\":\"9.1.0\",\"matchCriteriaId\":\"E6E5829D-AFD1-4C1B-9E53-400D09956577\"}]}]}],\"references\":[{\"url\":\"https://documentation.concretecms.org/developers/introduction/version-history/858-release-notes\",\"source\":\"support@hackerone.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://documentation.concretecms.org/developers/introduction/version-history/910-release-notes\",\"source\":\"support@hackerone.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://hackerone.com/reports/1363598\",\"source\":\"support@hackerone.com\",\"tags\":[\"Permissions Required\",\"Third Party Advisory\"]},{\"url\":\"https://documentation.concretecms.org/developers/introduction/version-history/858-release-notes\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://documentation.concretecms.org/developers/introduction/version-history/910-release-notes\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://hackerone.com/reports/1363598\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Permissions Required\",\"Third Party Advisory\"]}]}}"
  }
}

CNVD-2022-54305

Vulnerability from cnvd - Published: 2022-07-29

Title

PortlandLabs Concrete CMS跨站脚本漏洞（CNVD-2022-54305）

Description

PortlandLabs Concrete CMS是美国PortlandLabs公司的一个面向团队的开源内容管理系统。 PortlandLabs Concrete CMS存在跨站脚本漏洞，该漏洞源于/dashboard/blocks/stacks/view_details中缺少对用户提供的数据和输出的数据校验过滤，攻击者可利用该漏洞在客户端执行JavaScript代码。

Severity

中

Patch Name

PortlandLabs Concrete CMS跨站脚本漏洞（CNVD-2022-54305）的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://documentation.concretecms.org/developers/introduction/version-history/910-release-notes

Reference

https://documentation.concretecms.org/developers/introduction/version-history/910-release-notes

Impacted products

Name
['Portland Labs Concrete CMS <=8.5.7', 'Portland Labs Concrete CMS >=9.0.0，<=9.0.2']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2022-30120",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2022-30120"
    }
  },
  "description": "PortlandLabs Concrete CMS\u662f\u7f8e\u56fdPortlandLabs\u516c\u53f8\u7684\u4e00\u4e2a\u9762\u5411\u56e2\u961f\u7684\u5f00\u6e90\u5185\u5bb9\u7ba1\u7406\u7cfb\u7edf\u3002\n\nPortlandLabs Concrete CMS\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e/dashboard/blocks/stacks/view_details\u4e2d\u7f3a\u5c11\u5bf9\u7528\u6237\u63d0\u4f9b\u7684\u6570\u636e\u548c\u8f93\u51fa\u7684\u6570\u636e\u6821\u9a8c\u8fc7\u6ee4\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u5ba2\u6237\u7aef\u6267\u884cJavaScript\u4ee3\u7801\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://documentation.concretecms.org/developers/introduction/version-history/910-release-notes",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2022-54305",
  "openTime": "2022-07-29",
  "patchDescription": "PortlandLabs Concrete CMS\u662f\u7f8e\u56fdPortlandLabs\u516c\u53f8\u7684\u4e00\u4e2a\u9762\u5411\u56e2\u961f\u7684\u5f00\u6e90\u5185\u5bb9\u7ba1\u7406\u7cfb\u7edf\u3002\r\n\r\nPortlandLabs Concrete CMS\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e/dashboard/blocks/stacks/view_details\u4e2d\u7f3a\u5c11\u5bf9\u7528\u6237\u63d0\u4f9b\u7684\u6570\u636e\u548c\u8f93\u51fa\u7684\u6570\u636e\u6821\u9a8c\u8fc7\u6ee4\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u5ba2\u6237\u7aef\u6267\u884cJavaScript\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "PortlandLabs Concrete CMS\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff08CNVD-2022-54305\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Portland Labs Concrete CMS \u003c=8.5.7",
      "Portland Labs Concrete CMS \u003e=9.0.0\uff0c\u003c=9.0.2"
    ]
  },
  "referenceLink": "https://documentation.concretecms.org/developers/introduction/version-history/910-release-notes",
  "serverity": "\u4e2d",
  "submitTime": "2022-06-28",
  "title": "PortlandLabs Concrete CMS\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff08CNVD-2022-54305\uff09"
}

GSD-2022-30120

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2022-30120

Aliases

CVE-2022-30120

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2022-30120",
    "description": "XSS in /dashboard/blocks/stacks/view_details/ - old browsers only. When using an older browser with built-in XSS protection disabled, insufficient sanitation where built urls are outputted can be exploited for Concrete 8.5.7 and below as well as Concrete 9.0 through 9.0.2 to allow XSS. This cannot be exploited in modern-day web browsers due to an automatic input escape mechanism. Concrete CMS Security team ranked this vulnerability 3.1with CVSS v3.1 Vector AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N. Sanitation has been added where built urls are output. Credit to Credit to Bogdan Tiron from FORTBRIDGE (https://www.fortbridge.co.uk/ ) for reporting",
    "id": "GSD-2022-30120"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2022-30120"
      ],
      "details": "XSS in /dashboard/blocks/stacks/view_details/ - old browsers only. When using an older browser with built-in XSS protection disabled, insufficient sanitation where built urls are outputted can be exploited for Concrete 8.5.7 and below as well as Concrete 9.0 through 9.0.2 to allow XSS. This cannot be exploited in modern-day web browsers due to an automatic input escape mechanism. Concrete CMS Security team ranked this vulnerability 3.1with CVSS v3.1 Vector AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N. Sanitation has been added where built urls are output. Credit to Credit to Bogdan Tiron from FORTBRIDGE (https://www.fortbridge.co.uk/ ) for reporting",
      "id": "GSD-2022-30120",
      "modified": "2023-12-13T01:19:36.635874Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "support@hackerone.com",
        "ID": "CVE-2022-30120",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "https://github.com/concrete5/concrete5",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Remediated in Concrete CMS 8.5.8 and 9.1.0.    Affected Versions are Concrete 8.5.7 and below as well as Concrete 9.0 through 9.0.2"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "XSS in /dashboard/blocks/stacks/view_details/ - old browsers only. When using an older browser with built-in XSS protection disabled, insufficient sanitation where built urls are outputted can be exploited for Concrete 8.5.7 and below as well as Concrete 9.0 through 9.0.2 to allow XSS. This cannot be exploited in modern-day web browsers due to an automatic input escape mechanism. Concrete CMS Security team ranked this vulnerability 3.1with CVSS v3.1 Vector AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N. Sanitation has been added where built urls are output. Credit to Credit to Bogdan Tiron from FORTBRIDGE (https://www.fortbridge.co.uk/ ) for reporting"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Cross-site Scripting (XSS) - Reflected (CWE-79)"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://documentation.concretecms.org/developers/introduction/version-history/910-release-notes",
            "refsource": "MISC",
            "url": "https://documentation.concretecms.org/developers/introduction/version-history/910-release-notes"
          },
          {
            "name": "https://documentation.concretecms.org/developers/introduction/version-history/858-release-notes",
            "refsource": "MISC",
            "url": "https://documentation.concretecms.org/developers/introduction/version-history/858-release-notes"
          },
          {
            "name": "https://hackerone.com/reports/1363598",
            "refsource": "MISC",
            "url": "https://hackerone.com/reports/1363598"
          }
        ]
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "\u003c8.5.8||\u003e=9.0.0,\u003c9.1.0",
          "affected_versions": "All versions before 8.5.8, all versions starting from 9.0.0 before 9.1.0",
          "cwe_ids": [
            "CWE-1035",
            "CWE-79",
            "CWE-937"
          ],
          "date": "2022-06-29",
          "description": "XSS in /dashboard/blocks/stacks/view_details/ - old browsers only. When using an older browser with built-in XSS protection disabled, insufficient sanitation where built urls are outputted can be exploited for Concrete 8.5.7 and below as well as Concrete 9.0 through 9.0.2 to allow XSS. This cannot be exploited in modern-day web browsers due to an automatic input escape mechanism. Concrete CMS Security team ranked this vulnerability 3.1with CVSS v3.1 Vector AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N. Sanitation has been added where built urls are output. Credit to Credit to Bogdan Tiron from FORTBRIDGE (https://www.fortbridge.co.uk/ ) for reporting",
          "fixed_versions": [
            "8.5.8",
            "9.1.0"
          ],
          "identifier": "CVE-2022-30120",
          "identifiers": [
            "GHSA-m2ww-6wv6-vw3c",
            "CVE-2022-30120"
          ],
          "not_impacted": "All versions starting from 8.5.8 before 9.0.0, all versions starting from 9.1.0",
          "package_slug": "packagist/concrete5/core",
          "pubdate": "2022-06-25",
          "solution": "Upgrade to versions 8.5.8, 9.1.0 or above.",
          "title": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2022-30120",
            "https://hackerone.com/reports/1363598",
            "https://documentation.concretecms.org/developers/introduction/version-history/858-release-notes",
            "https://documentation.concretecms.org/developers/introduction/version-history/910-release-notes",
            "https://github.com/advisories/GHSA-m2ww-6wv6-vw3c"
          ],
          "uuid": "2ce92431-c531-413f-8e55-2873d0e3ae28"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:concretecms:concrete_cms:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "9.1.0",
                "versionStartIncluding": "9.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:concretecms:concrete_cms:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "8.5.8",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve-assignments@hackerone.com",
          "ID": "CVE-2022-30120"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "XSS in /dashboard/blocks/stacks/view_details/ - old browsers only. When using an older browser with built-in XSS protection disabled, insufficient sanitation where built urls are outputted can be exploited for Concrete 8.5.7 and below as well as Concrete 9.0 through 9.0.2 to allow XSS. This cannot be exploited in modern-day web browsers due to an automatic input escape mechanism. Concrete CMS Security team ranked this vulnerability 3.1with CVSS v3.1 Vector AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N. Sanitation has been added where built urls are output. Credit to Credit to Bogdan Tiron from FORTBRIDGE (https://www.fortbridge.co.uk/ ) for reporting"
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-79"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://documentation.concretecms.org/developers/introduction/version-history/910-release-notes",
              "refsource": "MISC",
              "tags": [
                "Release Notes",
                "Vendor Advisory"
              ],
              "url": "https://documentation.concretecms.org/developers/introduction/version-history/910-release-notes"
            },
            {
              "name": "https://hackerone.com/reports/1363598",
              "refsource": "MISC",
              "tags": [
                "Permissions Required",
                "Third Party Advisory"
              ],
              "url": "https://hackerone.com/reports/1363598"
            },
            {
              "name": "https://documentation.concretecms.org/developers/introduction/version-history/858-release-notes",
              "refsource": "MISC",
              "tags": [
                "Release Notes",
                "Vendor Advisory"
              ],
              "url": "https://documentation.concretecms.org/developers/introduction/version-history/858-release-notes"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 2.7
        }
      },
      "lastModifiedDate": "2022-07-05T19:42Z",
      "publishedDate": "2022-06-24T15:15Z"
    }
  }
}

FKIE_CVE-2022-30120

Vulnerability from fkie_nvd - Published: 2022-06-24 15:15 - Updated: 2024-11-21 07:02

Severity ?

6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

References

URL	Tags
support@hackerone.com	https://documentation.concretecms.org/developers/introduction/version-history/858-release-notes	Release Notes, Vendor Advisory
support@hackerone.com	https://documentation.concretecms.org/developers/introduction/version-history/910-release-notes	Release Notes, Vendor Advisory
support@hackerone.com	https://hackerone.com/reports/1363598	Permissions Required, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://documentation.concretecms.org/developers/introduction/version-history/858-release-notes	Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://documentation.concretecms.org/developers/introduction/version-history/910-release-notes	Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://hackerone.com/reports/1363598	Permissions Required, Third Party Advisory

Impacted products

	Vendor	Product	Version
	concretecms	concrete_cms	*
	concretecms	concrete_cms	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:concretecms:concrete_cms:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D821B974-A48F-4925-B849-55AC51A0BE0A",
              "versionEndExcluding": "8.5.8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:concretecms:concrete_cms:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6E5829D-AFD1-4C1B-9E53-400D09956577",
              "versionEndExcluding": "9.1.0",
              "versionStartIncluding": "9.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "XSS in /dashboard/blocks/stacks/view_details/ - old browsers only. When using an older browser with built-in XSS protection disabled, insufficient sanitation where built urls are outputted can be exploited for Concrete 8.5.7 and below as well as Concrete 9.0 through 9.0.2 to allow XSS. This cannot be exploited in modern-day web browsers due to an automatic input escape mechanism. Concrete CMS Security team ranked this vulnerability 3.1with CVSS v3.1 Vector AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N. Sanitation has been added where built urls are output. Credit to Credit to Bogdan Tiron from FORTBRIDGE (https://www.fortbridge.co.uk/ ) for reporting"
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de tipo XSS en /dashboard/blocks/stacks/view_details/ - s\u00f3lo para navegadores antiguos. Cuando es usado un navegador antiguo con la protecci\u00f3n de tipo XSS incorporada deshabilitada, un saneo insuficiente en la salida de las urls construidas puede ser explotado para Concrete versiones 8.5.7 y anteriores, as\u00ed como Concrete versiones 9.0 hasta 9.0.2 para permitir un ataque de tipo XSS. Esto no puede ser explotado en los navegadores web actuales debido a un mecanismo de escape de entrada autom\u00e1tico. El equipo de seguridad de Concrete CMS clasific\u00f3 esta vulnerabilidad como 3.1 con el vector CVSS v3.1 AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N. ha sido a\u00f1adido el saneo en la salida de las urls construidas. Cr\u00e9dito a Bogdan Tiron de FORTBRIDGE (https://www.fortbridge.co.uk/ ) por reportar"
    }
  ],
  "id": "CVE-2022-30120",
  "lastModified": "2024-11-21T07:02:11.960",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-06-24T15:15:11.010",
  "references": [
    {
      "source": "support@hackerone.com",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://documentation.concretecms.org/developers/introduction/version-history/858-release-notes"
    },
    {
      "source": "support@hackerone.com",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://documentation.concretecms.org/developers/introduction/version-history/910-release-notes"
    },
    {
      "source": "support@hackerone.com",
      "tags": [
        "Permissions Required",
        "Third Party Advisory"
      ],
      "url": "https://hackerone.com/reports/1363598"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://documentation.concretecms.org/developers/introduction/version-history/858-release-notes"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://documentation.concretecms.org/developers/introduction/version-history/910-release-notes"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Permissions Required",
        "Third Party Advisory"
      ],
      "url": "https://hackerone.com/reports/1363598"
    }
  ],
  "sourceIdentifier": "support@hackerone.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "support@hackerone.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-M2WW-6WV6-VW3C

Vulnerability from github – Published: 2022-06-25 00:00 – Updated: 2022-07-06 16:48

Summary

Cross site scripting in Concrete CMS

Details

Severity ?

3.1 (Low)


                  
                    CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "concrete5/core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "9.0.0"
            },
            {
              "fixed": "9.1.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "concrete5/core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.5.8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-30120"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-06-29T21:18:26Z",
    "nvd_published_at": "2022-06-24T15:15:00Z",
    "severity": "LOW"
  },
  "details": "XSS in /dashboard/blocks/stacks/view_details/ - old browsers only. When using an older browser with built-in XSS protection disabled, insufficient sanitation where built urls are outputted can be exploited for Concrete 8.5.7 and below as well as Concrete 9.0 through 9.0.2 to allow XSS. This cannot be exploited in modern-day web browsers due to an automatic input escape mechanism. Concrete CMS Security team ranked this vulnerability 3.1with CVSS v3.1 Vector AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N. Sanitation has been added where built urls are output.",
  "id": "GHSA-m2ww-6wv6-vw3c",
  "modified": "2022-07-06T16:48:12Z",
  "published": "2022-06-25T00:00:54Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30120"
    },
    {
      "type": "WEB",
      "url": "https://hackerone.com/reports/1363598"
    },
    {
      "type": "WEB",
      "url": "https://documentation.concretecms.org/developers/introduction/version-history/858-release-notes"
    },
    {
      "type": "WEB",
      "url": "https://documentation.concretecms.org/developers/introduction/version-history/910-release-notes"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/concretecms/concretecms-core"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Cross site scripting in Concrete CMS"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2022-30120 (GCVE-0-2022-30120)

CNVD-2022-54305

GSD-2022-30120

FKIE_CVE-2022-30120

GHSA-M2WW-6WV6-VW3C

Tags

Sightings

Nomenclature