CVE-2024-11175

A vulnerability was found in Public CMS 5.202406.d and classified as problematic. This issue affects some unknown processing of the file /admin/cmsVote/save of the component Voting Management. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The patch is named b9530b9cc1f5cfdad4b637874f59029a6283a65c. It is recommended to apply a patch to fix this issue.

CVSS v3 3.5 LOW
CVSS v2.0 4.0 MEDIUM

3.5^/10

CVSS v3 : LOW

Vector :

Exploitability : 2.1 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

4.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:S/C:N/I:P/A:N

Exploitability : 8.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
https://gitee.com/sanluan/PublicCMS/commit/b9530b9cc1f5cfdad4b637874f59029a6283a65c	Permissions Required
https://gitee.com/sanluan/PublicCMS/issues/IB2BUV	Exploit
https://vuldb.com/?ctiid.284351	Permissions Required VDB Entry
https://vuldb.com/?id.284351	Permissions Required VDB Entry

Configurations

Configuration 1 (hide)

cpe:2.3:a:publiccms:publiccms:5.202406.d:*:*:*:*:*:*:*

History

No history.

Information

Published : 2024-11-13 16:15

Updated : 2024-11-15 22:50

NVD link : CVE-2024-11175

Mitre link : CVE-2024-11175

CVE.ORG link : CVE-2024-11175

JSON object : View

Products Affected

publiccms

publiccms

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-94

Improper Control of Generation of Code ('Code Injection')

{"id": "CVE-2024-11175", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Secondary", "source": "cna@vuldb.com", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Secondary", "source": "cna@vuldb.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.5, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.1}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 4.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 1.7}], "cvssMetricV40": [{"type": "Secondary", "source": "cna@vuldb.com", "cvssData": {"safety": "NOT_DEFINED", "version": "4.0", "recovery": "NOT_DEFINED", "baseScore": 5.3, "automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "modifiedAttackVector": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subsequentSystemIntegrity": "NONE", "vulnerableSystemIntegrity": "LOW", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "confidentialityRequirements": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "subsequentSystemAvailability": "NONE", "vulnerableSystemAvailability": "NONE", "subsequentSystemConfidentiality": "NONE", "vulnerableSystemConfidentiality": "NONE", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED"}}]}, "published": "2024-11-13T16:15:17.740", "references": [{"url": "https://gitee.com/sanluan/PublicCMS/commit/b9530b9cc1f5cfdad4b637874f59029a6283a65c", "tags": ["Permissions Required"], "source": "cna@vuldb.com"}, {"url": "https://gitee.com/sanluan/PublicCMS/issues/IB2BUV", "tags": ["Exploit"], "source": "cna@vuldb.com"}, {"url": "https://vuldb.com/?ctiid.284351", "tags": ["Permissions Required", "VDB Entry"], "source": "cna@vuldb.com"}, {"url": "https://vuldb.com/?id.284351", "tags": ["Permissions Required", "VDB Entry"], "source": "cna@vuldb.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "cna@vuldb.com", "description": [{"lang": "en", "value": "CWE-79"}, {"lang": "en", "value": "CWE-94"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in Public CMS 5.202406.d and classified as problematic. This issue affects some unknown processing of the file /admin/cmsVote/save of the component Voting Management. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The patch is named b9530b9cc1f5cfdad4b637874f59029a6283a65c. It is recommended to apply a patch to fix this issue."}, {"lang": "es", "value": "Se encontr\u00f3 una vulnerabilidad en Public CMS 5.202406.d y se clasific\u00f3 como problem\u00e1tica. Este problema afecta a algunos procesos desconocidos del archivo /admin/cmsVote/save del componente Voting Management. La manipulaci\u00f3n conduce a Cross-Site Scripting. El ataque puede iniciarse de forma remota. El exploit se ha divulgado al p\u00fablico y puede utilizarse. El parche se llama b9530b9cc1f5cfdad4b637874f59029a6283a65c. Se recomienda aplicar un parche para solucionar este problema."}], "lastModified": "2024-11-15T22:50:48.817", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:publiccms:publiccms:5.202406.d:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "85610E70-6347-47C4-9F7B-2407D2AEA5CF"}], "operator": "OR"}]}], "sourceIdentifier": "cna@vuldb.com"}