PT-2024-19699 · Unknown · A-Blog Cms
Kentaro Ishii
·
Published
2024-01-23
·
Updated
2025-06-20
·
CVE-2024-23181
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
a-blog cms versions prior to 3.1.7
a-blog cms versions prior to 3.0.29
a-blog cms versions prior to 2.11.58
a-blog cms versions prior to 2.10.50
a-blog cms version 2.9.0 and earlier
Description
The issue allows a remote unauthenticated attacker to execute an arbitrary script on the logged-in user's web browser. This is a cross-site scripting vulnerability.
Recommendations
For versions prior to 3.1.7, update to version 3.1.7 or later.
For versions prior to 3.0.29, update to version 3.0.29 or later.
For versions prior to 2.11.58, update to version 2.11.58 or later.
For versions prior to 2.10.50, update to version 2.10.50 or later.
For version 2.9.0 and earlier, update to a later version.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
A-Blog Cms