CVE-2024-3800

CVE-2024-3800: XSS in S@M CMS

Vendor Concept Intermedia

Product S@M CMS

Weakness CWE-79 · XSS

Published June 28, 2024

Last update March 13, 2025

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

Sites managed in S@M CMS (Concept Intermedia) might be vulnerable to Reflected XSS via including scripts in requested file names. Only a part of observed services is vulnerable, but since vendor has not investigated the root problem, it is hard to determine when the issue appears.

Key dates

02Disclosure timeline

June 28, 2024 CVE published

March 13, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-3800 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2024-3266 Bold Page Builder <= 4.8.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Widget URL Attribute CVE-2024-52803 LLama Factory Remote OS Command Injection Vulnerability CVE-2021-24876 Registrations for The Events Calendar < 2.7.5 - Reflected Cross-Site Scripting CVE-2024-8317 WP AdCenter – Ad Manager & Adsense Ads <= 2.5.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via ad_alignment Attribute CVE-2018-25101 l2c2technologies Koha opac-MARCdetail.pl cross site scripting