PT-2024-20377 · Xunruicms · Xunruicms
薛定谔的第二滴
Published: 2024-02-02 · Updated: 2024-02-08
CVE-2024-24388
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
XunRuiCMS versions v4.6.2 and before
Description
A cross-site scripting (XSS) issue allows remote attackers to obtain sensitive information by sending crafted malicious requests to the background login endpoint.
Recommendations
Installations running v4.6.2 or earlier should update to a version later than v4.6.2 to resolve the issue. As a temporary workaround, consider restricting access to the background login endpoint to minimize the risk of exploitation.
Affected Products
Xunruicms