Cross-Site Scripting vulnerability in moziloCMS
Posted date 07/03/2024
Identifier
INCIBE-2024-0124
Importance
3 - Medium
Affected Resources
moziloCMS, version 2.0.
Description
INCIBE has coordinated the publication of a medium severity vulnerability affecting moziloCMS version 2.0, a simple and easy to use content management system (CMS) for users with little knowledge of HTML. The vulnerability was discovered by Juampa Rodríguez.
This vulnerability has been assigned the following code, CVSS v3.1 base score, CVSS vector and CWE vulnerability type:
- CVE-2024-2245: 5.4 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N | CWE-79.
Solution
There is no reported solution at this time.
Detail
CVE-2024-2245: Cross-Site Scripting vulnerability in moziloCMS version 2.0. A JavaScript payload supplied in the 'username' parameter of a POST request to the '/install.php' endpoint could be executed.