CVE-2024-3801 Information

Description

Sites managed in S@M CMS (Concept Intermedia) might be vulnerable to Reflected XSS via including scripts in one of GET header parameters.  Only a part of observed services is vulnerable but since vendor has not investigated the root problem it is hard to determine when the issue appears.

Reference

https://cert.pl/en/posts/2024/06/CVE-2024-3800 https://cert.pl/posts/2024/06/CVE-2024-3800