CVE-2024-28190

{"id": "CVE-2024-28190", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.3}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.3}]}, "published": "2024-04-09T14:15:08.503", "references": [{"url": "https://contao.org/en/security-advisories/cross-site-scripting-in-the-file-manager", "tags": ["Vendor Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/contao/contao/commit/878d28dbe0f408740555d6fc8b634bd3f8febfce", "tags": ["Patch"], "source": "security-advisories@github.com"}, {"url": "https://github.com/contao/contao/commit/b794e14fff070101bf6a885da9b1a83395093b4d", "tags": ["Patch"], "source": "security-advisories@github.com"}, {"url": "https://github.com/contao/contao/security/advisories/GHSA-v24p-7p4j-qvvf", "tags": ["Vendor Advisory"], "source": "security-advisories@github.com"}, {"url": "https://contao.org/en/security-advisories/cross-site-scripting-in-the-file-manager", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/contao/contao/commit/878d28dbe0f408740555d6fc8b634bd3f8febfce", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/contao/contao/commit/b794e14fff070101bf6a885da9b1a83395093b4d", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/contao/contao/security/advisories/GHSA-v24p-7p4j-qvvf", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-79"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Contao is an open source content management system. Starting in version 4.0.0 and prior to version 4.13.40 and 5.3.4, users can inject malicious code in filenames when uploading files (back end and front end), which is then executed in tooltips and popups in the back end. Contao versions 4.13.40 and 5.3.4 have a patch for this issue. As a workaround, remove upload fields from frontend forms and disable uploads for untrusted back end users."}, {"lang": "es", "value": "Contao es un sistema de gesti\u00f3n de contenidos de c\u00f3digo abierto. A partir de la versi\u00f3n 4.0.0 y antes de la versi\u00f3n 4.13.40 y 5.3.4, los usuarios pueden inyectar c\u00f3digo malicioso en los nombres de archivos al cargar archivos (back-end y front-end), que luego se ejecuta en informaci\u00f3n sobre herramientas y ventanas emergentes en el back-end. Las versiones 4.13.40 y 5.3.4 de Contao tienen un parche para este problema. Como workaround, elimine los campos de carga de los formularios frontales y deshabilite las cargas para usuarios finales que no sean de confianza."}], "lastModified": "2025-01-16T19:54:16.763", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:contao:contao:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "302B7F92-FC7F-4E43-BEE2-7D493B03CB0C", "versionEndExcluding": "4.13.40", "versionStartIncluding": "4.0.0"}, {"criteria": "cpe:2.3:a:contao:contao:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "556D1F95-B80C-4819-BFC2-CF3EF735BBE6", "versionEndExcluding": "5.3.4", "versionStartIncluding": "5.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}