CVE-2025-2965
CVE-2025-2965
Título es
CVE-2025-2965
Dom, 30/03/2025 – 23:15
Tipo
CWE-79
Gravedad v2.0
4.00
Gravedad 2.0 Txt
MEDIUM
Título en
CVE-2025-2965
Descripción en
A vulnerability has been found in ConcreteCMS up to 9.3.9 and classified as problematic. Affected by this vulnerability is the function Save of the component Accordion Block Handler. The manipulation of the argument Title/Body Source leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
31/03/2025
31/03/2025
Vector CVSS:4.0
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Vector CVSS:3.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
Vector CVSS:2.0
AV:N/AC:L/Au:S/C:N/I:P/A:N
Gravedad 4.0
5.10
Gravedad 4.0 txt
MEDIUM
Gravedad 3.1 (CVSS 3.1 Base Score)
3.50
Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
LOW
Referencias
Enviar en el boletín
Off
