CVE-2024-7657

A vulnerability classified as problematic was found in Gila CMS 1.10.9. This vulnerability affects unknown code of the file /cm/update_rows/page?id=2 of the component HTTP POST Request Handler. The manipulation of the argument content leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
References
Link Resource
https://vuldb.com/?ctiid.274114 Permissions Required VDB Entry
https://vuldb.com/?id.274114 Permissions Required Third Party Advisory VDB Entry
https://vuldb.com/?submit.384630 Third Party Advisory VDB Entry
Configurations

Configuration 1 (hide)

cpe:2.3:a:gilacms:gila_cms:1.10.9:*:*:*:*:*:*:*

History

15 Aug 2024, 17:48

Type Values Removed Values Added
CVSS v2 : 4.0
v3 : 3.5
v2 : 4.0
v3 : 5.4
First Time Gilacms gila Cms
Gilacms
Summary
  • (es) Una vulnerabilidad fue encontrada en Gila CMS 1.10.9 y clasificada como problemática. Esta vulnerabilidad afecta a código desconocido del archivo /cm/update_rows/page?id=2 del componente HTTP POST Request Handler. La manipulación del contenido del argumento conduce a cross site scripting. El ataque se puede iniciar de forma remota. El exploit ha sido divulgado al público y puede utilizarse. NOTA: Se contactó primeramente con el proveedor sobre esta divulgación, pero no respondió de ninguna manera.
CPE cpe:2.3:a:gilacms:gila_cms:1.10.9:*:*:*:*:*:*:*
References () https://vuldb.com/?ctiid.274114 - () https://vuldb.com/?ctiid.274114 - Permissions Required, VDB Entry
References () https://vuldb.com/?id.274114 - () https://vuldb.com/?id.274114 - Permissions Required, Third Party Advisory, VDB Entry
References () https://vuldb.com/?submit.384630 - () https://vuldb.com/?submit.384630 - Third Party Advisory, VDB Entry

12 Aug 2024, 13:41

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-12 13:38

Updated : 2024-08-15 17:48


NVD link : CVE-2024-7657

Mitre link : CVE-2024-7657

CVE.ORG link : CVE-2024-7657


JSON object : View

Products Affected

gilacms

  • gila_cms
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')