CVSS 3.1 Score 5.8 of 10 (medium)


Published Mar 19, 2024


CVE-2024-1146 is a Cross-Site Scripting vulnerability found in Devklan's Alma Blog version 2.1.10 and earlier. This vulnerability allows an attacker to inject malicious JavaScript code into the application by adding it to the 'Community Description' or 'Community Rules'. The risk score for this vulnerability is 25, indicating a medium severity level. The exploitability score is 3.9, and the base score is 5.8. The potential danger to organizations is relatively low, with a confidentiality impact rating of low and no integrity or availability impact identified. To remediate this vulnerability, organizations should update their Alma Blog software to the latest version available.

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2024-1146 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options