CVE-2024-3801

CVE-2024-3801: XSS in S@M CMS

Vendor Concept Intermedia

Product S@M CMS

Weakness CWE-79 · XSS

Published June 28, 2024

Last update October 30, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

Sites managed in S@M CMS (Concept Intermedia) might be vulnerable to Reflected XSS via including scripts in one of GET header parameters. Only a part of observed services is vulnerable, but since vendor has not investigated the root problem, it is hard to determine when the issue appears.

Key dates

02Disclosure timeline

June 28, 2024 CVE published

October 30, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-3801 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2021-47750 YouPHPTube <= 7.8 - Cross-Site Scripting CVE-2022-31064 Cross site scripting in username that will trigger by sending chat CVE-2023-7149 code-projects QR Code Generator cross site scripting CVE-2026-28561 wpForo Forum 2.4.14 Stored XSS via Unescaped Forum Description in Templates CVE-2025-41695 Reflected XSS vulnerability in dyn_conn.php