CVE-2024-12503
CVSS 3.1 Score 4.8 of 10 (medium)
Details
Published Dec 12, 2024
Updated: Dec 13, 2024
CWE ID 94
CWE ID 79
Summary
CVE-2024-12503: A newly disclosed vulnerability impacts ClassCMS 4.8. The issue lies within the /index.php/admin component, specifically an unknown functionality of the Model Management Page. Maliciously crafted URL manipulations can lead to Cross-Site Scripting (XSS) attacks, allowing remote exploitation. Public disclosure of the exploit heightens the risk.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share