CVE-2024-11175

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-11175
A vulnerability was found in Public CMS 5.202406.d and classified as problematic. This issue affects some unknown processing of the file /admin/cmsVote/save of the component Voting Management. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The patch is named b9530b9cc1f5cfdad4b637874f59029a6283a65c. It is recommended to apply a patch to fix this issue.

4.8 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.7 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References
Link Resource
https://vuldb.com/?id.284351 Permissions Required VDB Entry
https://vuldb.com/?ctiid.284351 Permissions Required VDB Entry
https://gitee.com/sanluan/PublicCMS/issues/IB2BUV Exploit
https://gitee.com/sanluan/PublicCMS/commit/b9530b9cc1f5cfdad4b637874f59029a6283a65c Permissions Required
Configurations

Configuration 1 (hide)

cpe:2.3:a:publiccms:publiccms:5.202406.d:*:*:*:*:*:*:*
History

15 Nov 2024, 22:50

Type Values Removed Values Added
References () https://vuldb.com/?ctiid.284351 - () https://vuldb.com/?ctiid.284351 - Permissions Required, VDB Entry
References () https://gitee.com/sanluan/PublicCMS/commit/b9530b9cc1f5cfdad4b637874f59029a6283a65c - () https://gitee.com/sanluan/PublicCMS/commit/b9530b9cc1f5cfdad4b637874f59029a6283a65c - Permissions Required
References () https://vuldb.com/?id.284351 - () https://vuldb.com/?id.284351 - Permissions Required, VDB Entry
References () https://gitee.com/sanluan/PublicCMS/issues/IB2BUV - () https://gitee.com/sanluan/PublicCMS/issues/IB2BUV - Exploit
CWE CWE-79
CPE cpe:2.3:a:publiccms:publiccms:5.202406.d:*:*:*:*:*:*:*
First Time Publiccms publiccms
Publiccms
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 4.8

13 Nov 2024, 16:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-11-13 16:15

Updated : 2024-11-15 22:50

NVD link : CVE-2024-11175

Mitre link : CVE-2024-11175

JSON object : View

Products Affected

publiccms

  • publiccms
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')