CVE-2025-2971 - Vulnerability Details

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

No data.

References

No reference.

History

Mon, 07 Apr 2025 23:45:00 +0000

Type	Values Removed	Values Added
Weaknesses	CWE-79 CWE-94
References	https://github.com/yaowenxiao721/Poc/blob/main/Concretecms/Concretecms-poc9.md https://vuldb.com/?ctiid.302023 https://vuldb.com/?id.302023 https://vuldb.com/?submit.522421
Metrics	cvssV2_0 `{'score': 4.0, 'vector': 'AV:N/AC:L/Au:S/C:N/I:P/A:N'}` cvssV3_1 `{'score': 3.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N'}` cvssV4_0 `{'score': 5.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X'}`

Mon, 07 Apr 2025 23:15:00 +0000

Type	Values Removed	Values Added
Title	ConcreteCMS List Block cross site scripting
Metrics	ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Mon, 07 Apr 2025 22:45:00 +0000

Type	Values Removed	Values Added
Description	A vulnerability classified as problematic was found in ConcreteCMS up to 9.3.9. Affected by this vulnerability is an unknown functionality of the component List Block Handler. The manipulation of the argument Name/Description leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.	This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Metrics	cvssV3_0 `{'score': 3.5, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N'}` cvssV4_0 `{'score': 5.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N'}`	cvssV4_0 `{'score': 5.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X'}`

Mon, 31 Mar 2025 17:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Mon, 31 Mar 2025 02:15:00 +0000

Type	Values Removed	Values Added
Description		A vulnerability classified as problematic was found in ConcreteCMS up to 9.3.9. Affected by this vulnerability is an unknown functionality of the component List Block Handler. The manipulation of the argument Name/Description leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Title		ConcreteCMS List Block cross site scripting
Weaknesses		CWE-79 CWE-94
References		https://github.com/yaowenxiao721/Poc/blob/main/Concretecms/Concretecms-poc9.md https://vuldb.com/?ctiid.302023 https://vuldb.com/?id.302023 https://vuldb.com/?submit.522421
Metrics		cvssV2_0 `{'score': 4, 'vector': 'AV:N/AC:L/Au:S/C:N/I:P/A:N'}` cvssV3_0 `{'score': 3.5, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N'}` cvssV3_1 `{'score': 3.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N'}` cvssV4_0 `{'score': 5.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N'}`

MITRE

Status: REJECTED

Assigner: VulDB

Published: 2025-03-31T02:00:06.962Z

Updated: 2025-04-07T22:31:29.807Z

Reserved: 2025-03-30T07:16:07.529Z

Link: CVE-2025-2971

Vulnrichment

Updated:

NVD

Status : Rejected

Published: 2025-03-31T02:15:21.767

Modified: 2025-04-07T23:15:43.050

Link: CVE-2025-2971

Redhat

No data.

Metrics