Cross-site scripting vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and earlier allows a remote unauthenticated attacker to execute an arbitrary script on the logged-in user's web browser.
References
Link | Resource |
---|---|
https://developer.a-blogcms.jp/blog/news/JVN-34565930.html | Vendor Advisory |
https://jvn.jp/en/jp/JVN34565930/ | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
29 Jan 2024, 22:55
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.1 |
CPE | cpe:2.3:a:appleple:a-blog_cms:*:*:*:*:*:*:*:* | |
CWE | CWE-79 | |
References | () https://jvn.jp/en/jp/JVN34565930/ - Third Party Advisory | |
References | () https://developer.a-blogcms.jp/blog/news/JVN-34565930.html - Vendor Advisory | |
First Time |
Appleple a-blog Cms
Appleple |
23 Jan 2024, 10:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-01-23 10:15
Updated : 2024-02-28 20:54
NVD link : CVE-2024-23181
Mitre link : CVE-2024-23181
CVE.ORG link : CVE-2024-23181
JSON object : View
Products Affected
appleple
- a-blog_cms
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')