CVE-2024-11489

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Nov 20, 2024

Updated: Nov 22, 2024

CWE ID 94

CWE ID 79

Summary

CVE-2024-11489 is a newly disclosed vulnerability affecting 115cms up to version 20240807. This issue is classified as problematic, as it enables cross-site scripting (XSS) attacks. The vulnerability lies within an unknown function of the file /index.php/admin/web/file.html and can be exploited by manipulating the argument 'ks'. Attacks can be launched remotely, and the exploit has already been made public. Despite early disclosure to the vendor, they have yet to respond or provide a patch.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/0sOUb2
https://www.cve.org/CVERecord?id=CVE-2024-11489
https://nvd.nist.gov/vuln/detail/CVE-2024-11489

Back to Vulnerability Database

CVE-2024-11489

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations