CVE-2022-30120 - OpenCVE

XSS in /dashboard/blocks/stacks/view_details/ - old browsers only. When using an older browser with built-in XSS protection disabled, insufficient sanitation where built urls are outputted can be exploited for Concrete 8.5.7 and below as well as Concrete 9.0 through 9.0.2 to allow XSS. This cannot be exploited in modern-day web browsers due to an automatic input escape mechanism. Concrete CMS Security team ranked this vulnerability 3.1with CVSS v3.1 Vector AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N. Sanitation has been added where built urls are output. Credit to Credit to Bogdan Tiron from FORTBRIDGE (https://www.fortbridge.co.uk/ ) for reporting

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Concretecms	Concrete Cms

Configuration 1 [-]

OR	cpe:2.3:a:concretecms:concrete_cms::::::::
	cpe:2.3:a:concretecms:concrete_cms::::::::

No data.

References

Link	Providers
https://documentation.concretecms.org/developers/introduction/version-history/858-release-notes
https://documentation.concretecms.org/developers/introduction/version-history/910-release-notes
https://hackerone.com/reports/1363598

History

No history.

MITRE

Status: PUBLISHED

Assigner: hackerone

Published: 2022-06-24T15:00:06

Updated: 2024-08-03T06:40:47.792Z

Reserved: 2022-05-02T00:00:00

Link: CVE-2022-30120

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2022-06-24T15:15:11.010

Modified: 2022-07-05T19:42:56.663

Link: CVE-2022-30120

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "https://github.com/concrete5/concrete5", "vendor": "n/a", "versions": [{"status": "affected", "version": "Remediated in Concrete CMS 8.5.8 and 9.1.0. Affected Versions are Concrete 8.5.7 and below as well as Concrete 9.0 through 9.0.2"}]}], "descriptions": [{"lang": "en", "value": "XSS in /dashboard/blocks/stacks/view_details/ - old browsers only. When using an older browser with built-in XSS protection disabled, insufficient sanitation where built urls are outputted can be exploited for Concrete 8.5.7 and below as well as Concrete 9.0 through 9.0.2 to allow XSS. This cannot be exploited in modern-day web browsers due to an automatic input escape mechanism. Concrete CMS Security team ranked this vulnerability 3.1with CVSS v3.1 Vector AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N. Sanitation has been added where built urls are output. Credit to Credit to Bogdan Tiron from FORTBRIDGE (https://www.fortbridge.co.uk/ ) for reporting"}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "Cross-site Scripting (XSS) - Reflected (CWE-79)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-06-24T15:00:06", "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://documentation.concretecms.org/developers/introduction/version-history/910-release-notes"}, {"tags": ["x_refsource_MISC"], "url": "https://documentation.concretecms.org/developers/introduction/version-history/858-release-notes"}, {"tags": ["x_refsource_MISC"], "url": "https://hackerone.com/reports/1363598"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "support@hackerone.com", "ID": "CVE-2022-30120", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "https://github.com/concrete5/concrete5", "version": {"version_data": [{"version_value": "Remediated in Concrete CMS 8.5.8 and 9.1.0. Affected Versions are Concrete 8.5.7 and below as well as Concrete 9.0 through 9.0.2"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "XSS in /dashboard/blocks/stacks/view_details/ - old browsers only. When using an older browser with built-in XSS protection disabled, insufficient sanitation where built urls are outputted can be exploited for Concrete 8.5.7 and below as well as Concrete 9.0 through 9.0.2 to allow XSS. This cannot be exploited in modern-day web browsers due to an automatic input escape mechanism. Concrete CMS Security team ranked this vulnerability 3.1with CVSS v3.1 Vector AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N. Sanitation has been added where built urls are output. Credit to Credit to Bogdan Tiron from FORTBRIDGE (https://www.fortbridge.co.uk/ ) for reporting"}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Cross-site Scripting (XSS) - Reflected (CWE-79)"}]}]}, "references": {"reference_data": [{"name": "https://documentation.concretecms.org/developers/introduction/version-history/910-release-notes", "refsource": "MISC", "url": "https://documentation.concretecms.org/developers/introduction/version-history/910-release-notes"}, {"name": "https://documentation.concretecms.org/developers/introduction/version-history/858-release-notes", "refsource": "MISC", "url": "https://documentation.concretecms.org/developers/introduction/version-history/858-release-notes"}, {"name": "https://hackerone.com/reports/1363598", "refsource": "MISC", "url": "https://hackerone.com/reports/1363598"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T06:40:47.792Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://documentation.concretecms.org/developers/introduction/version-history/910-release-notes"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://documentation.concretecms.org/developers/introduction/version-history/858-release-notes"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://hackerone.com/reports/1363598"}]}]}, "cveMetadata": {"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "assignerShortName": "hackerone", "cveId": "CVE-2022-30120", "datePublished": "2022-06-24T15:00:06", "dateReserved": "2022-05-02T00:00:00", "dateUpdated": "2024-08-03T06:40:47.792Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:concretecms:concrete_cms:*:*:*:*:*:*:*:*", "matchCriteriaId": "D821B974-A48F-4925-B849-55AC51A0BE0A", "versionEndExcluding": "8.5.8", "vulnerable": true}, {"criteria": "cpe:2.3:a:concretecms:concrete_cms:*:*:*:*:*:*:*:*", "matchCriteriaId": "E6E5829D-AFD1-4C1B-9E53-400D09956577", "versionEndExcluding": "9.1.0", "versionStartIncluding": "9.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "XSS in /dashboard/blocks/stacks/view_details/ - old browsers only. When using an older browser with built-in XSS protection disabled, insufficient sanitation where built urls are outputted can be exploited for Concrete 8.5.7 and below as well as Concrete 9.0 through 9.0.2 to allow XSS. This cannot be exploited in modern-day web browsers due to an automatic input escape mechanism. Concrete CMS Security team ranked this vulnerability 3.1with CVSS v3.1 Vector AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N. Sanitation has been added where built urls are output. Credit to Credit to Bogdan Tiron from FORTBRIDGE (https://www.fortbridge.co.uk/ ) for reporting"}, {"lang": "es", "value": "Una vulnerabilidad de tipo XSS en /dashboard/blocks/stacks/view_details/ - s\u00f3lo para navegadores antiguos. Cuando es usado un navegador antiguo con la protecci\u00f3n de tipo XSS incorporada deshabilitada, un saneo insuficiente en la salida de las urls construidas puede ser explotado para Concrete versiones 8.5.7 y anteriores, as\u00ed como Concrete versiones 9.0 hasta 9.0.2 para permitir un ataque de tipo XSS. Esto no puede ser explotado en los navegadores web actuales debido a un mecanismo de escape de entrada autom\u00e1tico. El equipo de seguridad de Concrete CMS clasific\u00f3 esta vulnerabilidad como 3.1 con el vector CVSS v3.1 AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N. ha sido a\u00f1adido el saneo en la salida de las urls construidas. Cr\u00e9dito a Bogdan Tiron de FORTBRIDGE (https://www.fortbridge.co.uk/ ) por reportar"}], "id": "CVE-2022-30120", "lastModified": "2022-07-05T19:42:56.663", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-06-24T15:15:11.010", "references": [{"source": "support@hackerone.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://documentation.concretecms.org/developers/introduction/version-history/858-release-notes"}, {"source": "support@hackerone.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://documentation.concretecms.org/developers/introduction/version-history/910-release-notes"}, {"source": "support@hackerone.com", "tags": ["Permissions Required", "Third Party Advisory"], "url": "https://hackerone.com/reports/1363598"}], "sourceIdentifier": "support@hackerone.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-79"}], "source": "support@hackerone.com", "type": "Secondary"}]}