PT-2024-19701 · Unknown · A-Blog Cms
Yuji Tounai
·
Published
2024-01-23
·
Updated
2025-06-20
·
CVE-2024-23183
CVSS v3.1
5.4
Medium
| Vector | AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
a-blog cms versions prior to 3.1.7
a-blog cms versions prior to 3.0.29
a-blog cms versions prior to 2.11.58
a-blog cms versions prior to 2.10.50
a-blog cms version 2.9.0 and earlier
Description
The issue allows a remote authenticated attacker to execute an arbitrary script on the logged-in user's web browser. This is due to a cross-site scripting vulnerability.
Recommendations
For versions prior to 3.1.7, update to version 3.1.7 or later.
For versions prior to 3.0.29, update to version 3.0.29 or later.
For versions prior to 2.11.58, update to version 2.11.58 or later.
For versions prior to 2.10.50, update to version 2.10.50 or later.
For version 2.9.0 and earlier, update to a version later than 2.9.0.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
A-Blog Cms