PT-2024-34158 · Unknown · Instantcms
Amal264882 · Published 2024-10-29 · Updated 2025-02-14 · CVE-2024-50348
CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions:
InstantCMS versions prior to 2.16.3
Description:
The photo upload function on the photo album page lacks input validation, allowing attackers to inject and execute cross-site scripting (XSS) payloads.
Recommendations:
Update installations running versions prior to 2.16.3 to version 2.16.3 to resolve the issue. As a temporary workaround, consider disabling the photo upload function on the photo album page until the update is applied. Restrict access to the photo album page to minimize the risk of exploitation.
Exploit
Fix
XSS
Affected Products
Instantcms