Cross-site scripting vulnerability in a-blog cms Ver.2.8.x series versions prior to Ver.2.8.75, Ver.2.9.x series versions prior to Ver.2.9.40, Ver.2.10.x series versions prior to Ver.2.10.44, Ver.2.11.x series versions prior to Ver.2.11.42, and Ver.3.0.x series versions prior to Ver.3.0.1 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors. This vulnerability is different from CVE-2022-23916.
References
| Link | Resource |
|---|---|
| https://developer.a-blogcms.jp/blog/news/security-202202.html | Vendor Advisory |
| https://jvn.jp/en/jp/JVN14706307/index.html | Third Party Advisory |
| https://developer.a-blogcms.jp/blog/news/security-202202.html | Vendor Advisory |
| https://jvn.jp/en/jp/JVN14706307/index.html | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 06:50
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://developer.a-blogcms.jp/blog/news/security-202202.html - Vendor Advisory | |
| References | () https://jvn.jp/en/jp/JVN14706307/index.html - Third Party Advisory |
Information
Published : 2022-02-24 15:15
Updated : 2024-11-21 06:50
NVD link : CVE-2022-24374
Mitre link : CVE-2022-24374
CVE.ORG link : CVE-2022-24374
JSON object : View
Products Affected
appleple
- a-blog_cms
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')