CVE-2024-8144

CVSS 3.1 Score 3.5 of 10 (low)

Details

Published Aug 25, 2024
Updated: Aug 26, 2024
CWE ID 79

Summary

CVE-2024-8144 is a cross-site scripting (XSS) vulnerability affecting ClassCMS version 4.8, specifically within the Logo Handler component accessed via the file /index.php/admin. This vulnerability can be exploited remotely with low complexity and requires minimal user interaction, posing a danger of potential data manipulation, albeit with low severity. To remediate this issue, organizations should ensure that they update to the latest version of ClassCMS or implement additional input validation measures to mitigate the risk of XSS attacks. Given its exploitability and public disclosure, there is a risk for attackers to leverage this vulnerability in networked environments. Users are encouraged to review related resources for further guidance on mitigation strategies.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share