CVE-2024-10928

A vulnerability was found in MonoCMS up to 20240528. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /monofiles/opensaved.php of the component Posts Page. The manipulation of the argument filtcategory/filtstatus leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Configurations

Configuration 1 (hide)

cpe:2.3:a:monocms:monocms:*:*:*:*:*:*:*:*

History

22 Nov 2024, 19:10

Type Values Removed Values Added
References () https://github.com/secuserx/CVE/blob/main/%5BXSS%20vulnerability%5D%20found%20in%20MonoCMS%2023-20240528%20-%20(opensaved.php).md - () https://github.com/secuserx/CVE/blob/main/%5BXSS%20vulnerability%5D%20found%20in%20MonoCMS%2023-20240528%20-%20(opensaved.php).md - Exploit, Third Party Advisory
References () https://vuldb.com/?ctiid.283327 - () https://vuldb.com/?ctiid.283327 - Permissions Required
References () https://vuldb.com/?id.283327 - () https://vuldb.com/?id.283327 - Third Party Advisory
References () https://vuldb.com/?submit.434189 - () https://vuldb.com/?submit.434189 - Third Party Advisory
First Time Monocms monocms
Monocms
CPE cpe:2.3:a:monocms:monocms:*:*:*:*:*:*:*:*

08 Nov 2024, 19:01

Type Values Removed Values Added
Summary
  • (es) Se ha detectado una vulnerabilidad en MonoCMS hasta 20240528. Se ha declarado como problemática. Esta vulnerabilidad afecta a una funcionalidad desconocida del archivo /monofiles/opensaved.php del componente Posts Page. La manipulación del argumento filtcategory/filtstatus provoca cross-site scripting. El ataque se puede ejecutar de forma remota. El exploit se ha hecho público y puede utilizarse. Se contactó al proveedor con anticipación sobre esta revelación, pero no respondió de ninguna manera.

06 Nov 2024, 23:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-11-06 23:15

Updated : 2024-11-22 19:10


NVD link : CVE-2024-10928

Mitre link : CVE-2024-10928

CVE.ORG link : CVE-2024-10928


JSON object : View

Products Affected

monocms

  • monocms
CWE
CWE-74

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')