S@M CMS Vulnerable to Reflected XSS via Included Scripts in Requested File Names
CVE-2024-3800

6.1MEDIUM

Key Information:

Vendor: Concept Intermedia
Status: S@m Cms
Vendor: CVE Published:; 28 June 2024

🔔 Create Concept Intermedia Vulnerability Alert

What is CVE-2024-3800?

Sites managed in S@M CMS (Concept Intermedia) might be vulnerable to Reflected XSS via including scripts in requested file names. Only a part of observed services is vulnerable, but since vendor has not investigated the root problem, it is hard to determine when the issue appears.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

S@M CMS 0 <= 3.3

References

https://cert.pl/en/posts/2024/06/CVE-2024-3800

third-party-advisory

https://cert.pl/posts/2024/06/CVE-2024-3800

third-party-advisory

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jun 28, 2024
Vulnerability Reserved
Apr 15, 2024

Credit

Krzysztof Zając (CERT.PL)

JSON

Concept Intermedia