CVE-2024-11489

CVSS 2.0 Score 4 of 10 (medium)

Details

Published Nov 20, 2024
Updated: Nov 21, 2024
CWE ID 94
CWE ID 79

Summary

CVE-2024-11489 is a newly disclosed vulnerability affecting 115cms up to version 20240807. This issue is classified as problematic and impacts an unknown function within the file /index.php/admin/web/file.html. Manipulation of the argument 'ks' can lead to cross-site scripting (XSS) attacks, enabling remote attackers to inject malicious code into a user's browser. As of now, the exploit is publicly available, increasing the risk of potential attacks on unpatched systems. Despite early disclosure to the vendor, no response has been recorded.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share