CVE-2024-45406 - Vulnerability Details - OpenCVE

Craft is a content management system (CMS). Craft CMS 5 stored XSS can be triggered by the breadcrumb list and title fields with user input.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00188.

Exploitation poc

Automatable no

Technical Impact partial

Vendors	Products
Craftcms	Craft Cms

Configuration 1 [-]

cpe:2.3:a:craftcms:craft_cms:*:*:*:*:*:*:*:*

No data.

No data.

References

Link	Providers
https://github.com/craftcms/cms/commit/b7348942f8131b3868ec6f46d615baae50151bb8
https://github.com/craftcms/cms/security/advisories/GHSA-28h4-788g-rh42

History

Mon, 09 Sep 2024 20:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Craftcms Craftcms craft Cms
CPEs		cpe:2.3:a:craftcms:craft_cms::::::::
Vendors & Products		Craftcms Craftcms craft Cms
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Mon, 09 Sep 2024 17:00:00 +0000

Type	Values Removed	Values Added
Description		Craft is a content management system (CMS). Craft CMS 5 stored XSS can be triggered by the breadcrumb list and title fields with user input.
Title		Craft CMS stored XSS in breadcrumb list and title fields
Weaknesses		CWE-79 CWE-80
References		https://github.com/craftcms/cms/commit/b7348942f8131b3868ec6f46d615baae50151bb8 https://github.com/craftcms/cms/security/advisories/GHSA-28h4-788g-rh42
Metrics		cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L'}`

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2024-09-09T16:46:26.948Z

Updated: 2024-09-09T19:59:08.697Z

Reserved: 2024-08-28T20:21:32.804Z

Link: CVE-2024-45406

Vulnrichment

Updated: 2024-09-09T19:59:03.200Z

NVD

Status : Analyzed

Published: 2024-09-09T17:15:13.180

Modified: 2024-09-13T15:30:45.380

Link: CVE-2024-45406

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-45406", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2024-08-28T20:21:32.804Z", "datePublished": "2024-09-09T16:46:26.948Z", "dateUpdated": "2024-09-09T19:59:08.697Z"}, "containers": {"cna": {"title": "Craft CMS stored XSS in breadcrumb list and title fields", "problemTypes": [{"descriptions": [{"cweId": "CWE-80", "lang": "en", "description": "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-79", "lang": "en", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L", "version": "3.1"}}], "references": [{"name": "https://github.com/craftcms/cms/security/advisories/GHSA-28h4-788g-rh42", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/craftcms/cms/security/advisories/GHSA-28h4-788g-rh42"}, {"name": "https://github.com/craftcms/cms/commit/b7348942f8131b3868ec6f46d615baae50151bb8", "tags": ["x_refsource_MISC"], "url": "https://github.com/craftcms/cms/commit/b7348942f8131b3868ec6f46d615baae50151bb8"}], "affected": [{"vendor": "craftcms", "product": "cms", "versions": [{"version": ">= 5.0.0, < 5.1.2", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-09-09T16:46:26.948Z"}, "descriptions": [{"lang": "en", "value": "Craft is a content management system (CMS). Craft CMS 5 stored XSS can be triggered by the breadcrumb list and title fields with user input."}], "source": {"advisory": "GHSA-28h4-788g-rh42", "discovery": "UNKNOWN"}}, "adp": [{"affected": [{"vendor": "craftcms", "product": "craft_cms", "cpes": ["cpe:2.3:a:craftcms:craft_cms:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "5.0.0", "status": "affected", "lessThan": "5.1.2", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-09T19:58:18.333986Z", "id": "CVE-2024-45406", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-09T19:59:08.697Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-45406", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-09T19:58:18.333986Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:craftcms:craft_cms:*:*:*:*:*:*:*:*"], "vendor": "craftcms", "product": "craft_cms", "versions": [{"status": "affected", "version": "5.0.0", "lessThan": "5.1.2", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-09T19:59:03.200Z"}}], "cna": {"title": "Craft CMS stored XSS in breadcrumb list and title fields", "source": {"advisory": "GHSA-28h4-788g-rh42", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}], "affected": [{"vendor": "craftcms", "product": "cms", "versions": [{"status": "affected", "version": ">= 5.0.0, < 5.1.2"}]}], "references": [{"url": "https://github.com/craftcms/cms/security/advisories/GHSA-28h4-788g-rh42", "name": "https://github.com/craftcms/cms/security/advisories/GHSA-28h4-788g-rh42", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/craftcms/cms/commit/b7348942f8131b3868ec6f46d615baae50151bb8", "name": "https://github.com/craftcms/cms/commit/b7348942f8131b3868ec6f46d615baae50151bb8", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Craft is a content management system (CMS). Craft CMS 5 stored XSS can be triggered by the breadcrumb list and title fields with user input."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-80", "description": "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-09-09T16:46:26.948Z"}}}, "cveMetadata": {"cveId": "CVE-2024-45406", "state": "PUBLISHED", "dateUpdated": "2024-09-09T19:59:08.697Z", "dateReserved": "2024-08-28T20:21:32.804Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2024-09-09T16:46:26.948Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:craftcms:craft_cms:*:*:*:*:*:*:*:*", "matchCriteriaId": "8A5B58B2-8A16-4860-AD9C-0B6D7425D4C8", "versionEndExcluding": "5.1.2", "versionStartIncluding": "5.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Craft is a content management system (CMS). Craft CMS 5 stored XSS can be triggered by the breadcrumb list and title fields with user input."}, {"lang": "es", "value": "Craft es un sistema de gesti\u00f3n de contenido (CMS). El XSS almacenado en Craft CMS 5 se puede activar mediante la lista de navegaci\u00f3n y los campos de t\u00edtulo con la entrada del usuario."}], "id": "CVE-2024-45406", "lastModified": "2024-09-13T15:30:45.380", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.7, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 3.4, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2024-09-09T17:15:13.180", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/craftcms/cms/commit/b7348942f8131b3868ec6f46d615baae50151bb8"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/craftcms/cms/security/advisories/GHSA-28h4-788g-rh42"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-79"}, {"lang": "en", "value": "CWE-80"}], "source": "security-advisories@github.com", "type": "Secondary"}]}