CVE-2024-11488
CVSS 2.0 Score 4.0 of 10 (medium)
Details
Summary
CVE-2024-11488 is a newly disclosed vulnerability affecting versions of 115cms up to and including 20240807. This issue is classified as problematic and involves the processing of the file /app/admin/view/web_user.html. An attacker can manipulate the argument "ks" in this file, leading to a cross-site scripting (XSS) vulnerability. The exploit can be initiated remotely, allowing attackers to inject malicious code into a victim's web browser. This vulnerability has been made public, increasing the risk of exploitation. Despite early disclosure to the vendor, they have not responded or provided a patch.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.