CVE-2024-0599

A vulnerability was found in Jspxcms 10.2.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file src\main\java\com\jspxcms\core\web\back\InfoController.java of the component Document Management Page. The manipulation of the argument title leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250837 was assigned to this vulnerability.
Configurations

Configuration 1 (hide)

cpe:2.3:a:ujcms:jspxcms:10.2.0:*:*:*:*:*:*:*

History

21 Nov 2024, 08:46

Type Values Removed Values Added
References () https://github.com/sweatxi/BugHub/blob/main/Jspxcms.pdf - Exploit () https://github.com/sweatxi/BugHub/blob/main/Jspxcms.pdf - Exploit
References () https://vuldb.com/?ctiid.250837 - Third Party Advisory () https://vuldb.com/?ctiid.250837 - Third Party Advisory
References () https://vuldb.com/?id.250837 - Third Party Advisory () https://vuldb.com/?id.250837 - Third Party Advisory
CVSS v2 : 4.0
v3 : 5.4
v2 : 4.0
v3 : 3.5

23 Jan 2024, 19:21

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 5.4
References () https://vuldb.com/?id.250837 - () https://vuldb.com/?id.250837 - Third Party Advisory
References () https://vuldb.com/?ctiid.250837 - () https://vuldb.com/?ctiid.250837 - Third Party Advisory
References () https://github.com/sweatxi/BugHub/blob/main/Jspxcms.pdf - () https://github.com/sweatxi/BugHub/blob/main/Jspxcms.pdf - Exploit
First Time Ujcms
Ujcms jspxcms
CPE cpe:2.3:a:ujcms:jspxcms:10.2.0:*:*:*:*:*:*:*

16 Jan 2024, 20:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-01-16 20:15

Updated : 2024-11-21 08:46


NVD link : CVE-2024-0599

Mitre link : CVE-2024-0599

CVE.ORG link : CVE-2024-0599


JSON object : View

Products Affected

ujcms

  • jspxcms
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')