CVE-2024-39143

A stored cross-site scripting (XSS) vulnerability exists in ResidenceCMS 2.10.1 that allows a low-privilege user to create malicious property content with HTML inside which acts as a stored XSS payload.
References
Link Resource
https://github.com/Coderberg/ResidenceCMS/issues/128 Exploit Issue Tracking Patch
Configurations

Configuration 1 (hide)

cpe:2.3:a:coderberg:residencecms:2.10.1:*:*:*:*:*:*:*

History

03 Jul 2024, 18:16

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 5.4
Summary
  • (es) Existe una vulnerabilidad de cross-site scripting (XSS) almacenado en ResidenceCMS 2.10.1 que permite a un usuario con pocos privilegios crear contenido de propiedad malicioso con HTML en su interior que actúa como un payload XSS almacenado.
References () https://github.com/Coderberg/ResidenceCMS/issues/128 - () https://github.com/Coderberg/ResidenceCMS/issues/128 - Exploit, Issue Tracking, Patch
CWE CWE-79
CPE cpe:2.3:a:coderberg:residencecms:2.10.1:*:*:*:*:*:*:*
First Time Coderberg
Coderberg residencecms

02 Jul 2024, 14:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-07-02 14:15

Updated : 2024-10-27 22:35


NVD link : CVE-2024-39143

Mitre link : CVE-2024-39143

CVE.ORG link : CVE-2024-39143


JSON object : View

Products Affected

coderberg

  • residencecms
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')