CVE

CVE-2024-3800

Severity:

Pending analysis

Type:

CWE-79 Cross-Site Scripting (XSS)

Publication date:

28/06/2024

Last modified:

28/06/2024

Description

Sites managed in S@M CMS (Concept Intermedia) might be vulnerable to Reflected XSS via including scripts in requested file names. <br /> Only a part of observed services is vulnerable, but since vendor has not investigated the root problem, it is hard to determine when the issue appears.

References to Advisories, Solutions, and Tools

https://cert.pl/en/posts/2024/06/CVE-2024-3800
https://cert.pl/posts/2024/06/CVE-2024-3800