A vulnerability classified as problematic was found in ClassCMS 4.8. Affected by this vulnerability is an unknown functionality of the file /index.php/admin of the component Logo Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
References
Link | Resource |
---|---|
https://github.com/acmglz/bug2_report/blob/main/classcms_xss.md | Exploit Third Party Advisory |
https://vuldb.com/?ctiid.275725 | Permissions Required |
https://vuldb.com/?id.275725 | Permissions Required |
https://vuldb.com/?submit.397217 | Third Party Advisory |
Configurations
History
18 Sep 2024, 18:24
Type | Values Removed | Values Added |
---|---|---|
First Time |
Classcms
Classcms classcms |
|
CPE | cpe:2.3:a:classcms:classcms:4.8:*:*:*:*:*:*:* | |
References | () https://vuldb.com/?id.275725 - Permissions Required |
18 Sep 2024, 15:31
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/acmglz/bug2_report/blob/main/classcms_xss.md - Exploit, Third Party Advisory | |
References | () https://vuldb.com/?ctiid.275725 - Permissions Required | |
References | () https://vuldb.com/?id.275725 - Third Party Advisory | |
References | () https://vuldb.com/?submit.397217 - Third Party Advisory | |
First Time |
Classcms Project
Classcms Project classcms |
|
CVSS |
v2 : v3 : |
v2 : 4.0
v3 : 6.1 |
CPE | cpe:2.3:a:classcms_project:classcms:4.8:*:*:*:*:*:*:* |
26 Aug 2024, 12:47
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
25 Aug 2024, 04:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-08-25 04:15
Updated : 2024-09-18 18:24
NVD link : CVE-2024-8144
Mitre link : CVE-2024-8144
CVE.ORG link : CVE-2024-8144
JSON object : View
Products Affected
classcms
- classcms
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')