CVE-2024-10927

A vulnerability was found in MonoCMS up to 20240528. It has been classified as problematic. Affected is an unknown function of the file /monofiles/account.php of the component Account Information Page. The manipulation of the argument userid leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Configurations

Configuration 1 (hide)

cpe:2.3:a:monocms:monocms:*:*:*:*:*:*:*:*

History

22 Nov 2024, 19:14

Type Values Removed Values Added
References () https://github.com/secuserx/CVE/blob/main/%5BXSS%20vulnerability%5D%20found%20in%20MonoCMS%2023-20240528%20-%20(account.php).md - () https://github.com/secuserx/CVE/blob/main/%5BXSS%20vulnerability%5D%20found%20in%20MonoCMS%2023-20240528%20-%20(account.php).md - Exploit, Third Party Advisory
References () https://vuldb.com/?ctiid.283326 - () https://vuldb.com/?ctiid.283326 - Permissions Required
References () https://vuldb.com/?id.283326 - () https://vuldb.com/?id.283326 - Third Party Advisory
References () https://vuldb.com/?submit.434188 - () https://vuldb.com/?submit.434188 - Third Party Advisory
First Time Monocms monocms
Monocms
CPE cpe:2.3:a:monocms:monocms:*:*:*:*:*:*:*:*

08 Nov 2024, 19:01

Type Values Removed Values Added
Summary
  • (es) Se ha detectado una vulnerabilidad en MonoCMS hasta 20240528. Se ha clasificado como problemática. Se trata de una función desconocida del archivo /monofiles/account.php del componente Account Information Page. La manipulación del argumento userid provoca cross-site scripting. Es posible lanzar el ataque de forma remota. El exploit se ha hecho público y puede utilizarse. Se contactó al proveedor con antelación sobre esta revelación, pero no respondió de ninguna manera.

06 Nov 2024, 23:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-11-06 23:15

Updated : 2024-11-22 19:14


NVD link : CVE-2024-10927

Mitre link : CVE-2024-10927

CVE.ORG link : CVE-2024-10927


JSON object : View

Products Affected

monocms

  • monocms
CWE
CWE-74

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')