CVE-2024-31395

{"id": "CVE-2024-31395", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2024-05-22T05:15:53.120", "references": [{"url": "https://developer.a-blogcms.jp/blog/news/JVN-70977403.html", "tags": ["Vendor Advisory"], "source": "vultures@jpcert.or.jp"}, {"url": "https://jvn.jp/en/jp/JVN70977403/", "tags": ["Third Party Advisory"], "source": "vultures@jpcert.or.jp"}, {"url": "https://developer.a-blogcms.jp/blog/news/JVN-70977403.html", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://jvn.jp/en/jp/JVN70977403/", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.12, Ver.3.0.x series versions prior to Ver.3.0.32, Ver.2.11.x series versions prior to Ver.2.11.61, Ver.2.10.x series versions prior to Ver.2.10.53, and Ver.2.9 and earlier versions. If this vulnerability is exploited, a user with an editor or higher privilege who can log in to the product may execute an arbitrary script on the web browser of the user who accessed the schedule management page."}, {"lang": "es", "value": "La vulnerabilidad de Cross-Site Scripting existe en las versiones de la serie a-blog cms Ver.3.1.x anteriores a la Ver.3.1.12, versiones de la serie Ver.3.0.x anteriores a la Ver.3.0.32, versiones de la serie Ver.2.11.x anteriores a Ver.2.11.61, versiones de la serie Ver.2.10.x anteriores a Ver.2.10.53 y Ver.2.9 y versiones anteriores. Si se explota esta vulnerabilidad, un usuario con un privilegio de editor o superior que pueda iniciar sesi\u00f3n en el producto puede ejecutar un script arbitrario en el navegador web del usuario que accedi\u00f3 a la p\u00e1gina de administraci\u00f3n de programaci\u00f3n."}], "lastModified": "2025-05-12T14:23:17.680", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:appleple:a-blog_cms:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "49BBE24F-A0EA-49F6-B2C2-732AF0DA0F87", "versionEndExcluding": "2.10.53"}, {"criteria": "cpe:2.3:a:appleple:a-blog_cms:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "38B5399B-4410-471F-AC10-82E4946957F0", "versionEndExcluding": "2.11.61", "versionStartIncluding": "2.11.0"}, {"criteria": "cpe:2.3:a:appleple:a-blog_cms:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D5CDA3C7-736D-4E64-B2E0-7C45C702DF32", "versionEndExcluding": "3.0.32", "versionStartIncluding": "3.0.0"}, {"criteria": "cpe:2.3:a:appleple:a-blog_cms:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "358CC9AE-9361-45BA-B28D-1AE64536FA46", "versionEndExcluding": "3.1.12", "versionStartIncluding": "3.1.0"}], "operator": "OR"}]}], "sourceIdentifier": "vultures@jpcert.or.jp"}