Cross-Site Scripting vulnerability in moziloCMS

Posted date 07/03/2024
Identificador
INCIBE-2024-0124
Importance
3 - Medium
Affected Resources

moziloCMS, version 2.0.

Description

INCIBE has coordinated the publication of a medium severity vulnerability affecting moziloCMS version 2.0, a simple and easy to use content management system (CMS) for users with little knowledge of HTML, which has been discovered by Juampa Rodríguez.

This vulnerability has been assigned the following code, CVSS v3.1 base score, CVSS vector and vulnerability type CWE:

  • CVE-2024-2245: 5.4 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N | CWE-79.
Solution

There is no reported solution at this time.

Detail

CVE-2024-2245: Cross-Site Scripting vulnerability in moziloCMS version 2.0. By sending a POST request to the '/install.php' endpoint, a JavaScript payload could be executed in the 'username' parameter.

References list