CVE-2024-11489

Name of the Vulnerable Software and Affected Versions 115cms up to 20240807

Description A vulnerability was found in an unknown function of the file /index.php/admin/web/file.html, which can be exploited to launch a cross-site scripting attack remotely by manipulating the ks argument. The exploit has been disclosed to the public.

Recommendations For 115cms up to 20240807, as a temporary workaround, consider restricting access to the /index.php/admin/web/file.html file until a patch is available. Avoid using the ks argument in the affected file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.