PT-2024-23345 · Unknown · A-Blog Cms
Rikuto Tauchi
·
Published
2024-05-22
·
Updated
2025-05-12
·
CVE-2024-30419
CVSS v3.1
5.4
Medium
| Vector | AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
a-blog cms versions prior to 3.1.12
a-blog cms versions prior to 3.0.32
a-blog cms versions prior to 2.11.61
a-blog cms versions prior to 2.10.53
a-blog cms version 2.9 and earlier
Description
A cross-site scripting vulnerability exists in a-blog cms. If this issue is exploited, a user with contributor or higher privilege who can log in to the product may execute an arbitrary script on the web browser of the user who accessed the website using the product.
Recommendations
For versions prior to 3.1.12, update to version 3.1.12 or later.
For versions prior to 3.0.32, update to version 3.0.32 or later.
For versions prior to 2.11.61, update to version 2.11.61 or later.
For versions prior to 2.10.53, update to version 2.10.53 or later.
For version 2.9 and earlier, update to a later version.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
A-Blog Cms