pb-cms: Cross Site Scripting (CVE-2024-10477)

CVE

CVE-2024-10477 is a cross-site scripting (XSS) vulnerability in LinZhaoguan pb-cms versions up to 2.0.1. It affects the Permission Management Page, specifically the file at /admin#permissions. The weakness can be exploited remotely: manipulation of the affected code, which the advisory does not identify, leads to unauthorized scripts being executed in a user's browser. The exploit has been made public, so attackers may use it to initiate remote cross-site scripting attacks. The vulnerability was identified just one day ago and is classified as problematic; it affects users of LinZhaoguan pb-cms in the specified version range.

CVE database technical details

CVE ID
CVE-2024-10477
Description
A vulnerability classified as problematic was found in LinZhaoguan pb-cms up to 2.0.1. This vulnerability affects unknown code of the file /admin#permissions of the component Permission Management Page. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
A vulnerability was discovered in LinZhaoguan pb-cms up to 2.0.1. It was classified as problematic. It concerns an unspecified function of the file /admin#permissions of the component Permission Management Page. Manipulation with unknown data can be used to exploit a cross site scripting vulnerability. The attack can be carried out over the network. The exploit is publicly available.
Provider
VulDB
CWE / problem types
Cross Site Scripting
Affected Software Versions
LinZhaoguan pb-cms: 2.0.0 (affected), 2.0.1 (affected)
Date Published
2024-10-29T00:31:08.354Z
Last Updated
2024-10-29T15:33:31.461Z