CVE-2024-48239

An issue was discovered in WTCMS 1.0. In the plupload method in \AssetController.class.php, the app parameters aren't processed, resulting in Cross Site Scripting (XSS).
Configurations

No configuration.

History

29 Oct 2024, 19:35

Type Values Removed Values Added
CWE CWE-79
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 4.8

28 Oct 2024, 13:58

Type Values Removed Values Added
Summary
  • (es) Se descubrió un problema en WTCMS 1.0. En el método plupload en \AssetController.class.php, los parámetros de la aplicación no se procesan, lo que genera un ataque de Cross Site Scripting (XSS).

25 Oct 2024, 22:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-10-25 22:15

Updated : 2024-10-29 19:35


NVD link : CVE-2024-48239

Mitre link : CVE-2024-48239

CVE.ORG link : CVE-2024-48239


JSON object : View

Products Affected

No product.

CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')