CVE-2024-11488

CVSS 2.0 Score 4.0 of 10 (medium)

Details

Published: Nov 20, 2024
Updated: Nov 21, 2024
CWE ID 94
CWE ID 79

Summary

CVE-2024-11488 is a newly disclosed vulnerability affecting versions of 115cms up to and including 20240807. The issue is classified as problematic and involves the processing of the file /app/admin/view/web_user.html. Manipulating the argument "ks" in this file leads to a cross-site scripting (XSS) vulnerability. The attack can be initiated remotely and allows an attacker to inject malicious code into a victim's web browser. The exploit has been made public, which increases the risk of exploitation. The vendor was informed early about the disclosure but has not responded or provided a patch.
