← Zuruck zu CVEs
CVE-2024-23782
MEDIUM5.4
Beschreibung
Cross-site scripting vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and earlier versions. If this vulnerability is exploited, a user with a contributor or higher privilege may execute an arbitrary script on the web browser of the user who accessed the website using the product.
CVE Details
CVSS v3.1 Bewertung5.4
SchweregradMEDIUM
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienLOW
BenutzerinteraktionREQUIRED
Veroffentlicht1/28/2024
Zuletzt geandert6/2/2025
Quellenvd
Honeypot-Sichtungen0
Betroffene Produkte
appleple:a-blog_cms
Schwachen (CWE)
CWE-79CWE-79
Referenzen
https://developer.a-blogcms.jp/blog/news/JVN-34565930.html(vultures@jpcert.or.jp)
https://jvn.jp/en/jp/JVN34565930/(vultures@jpcert.or.jp)
https://developer.a-blogcms.jp/blog/news/JVN-34565930.html(af854a3a-2127-422b-91ae-364da2661108)
https://jvn.jp/en/jp/JVN34565930/(af854a3a-2127-422b-91ae-364da2661108)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.