CVE-2024-8145

CVSS 3.1 Score 2.4 of 10 (low)

Details

Published Aug 25, 2024
Updated: Aug 26, 2024
CWE ID 80

Summary

CVE-2024-8145 is a cross-site scripting vulnerability found in ClassCMS 4.8, specifically affecting the Article Handler component through the manipulation of the Title argument in the /index.php/admin file. This vulnerability allows remote attackers to execute harmful scripts, posing a risk of partial integrity loss within affected systems. The attack requires high privileges and user interaction, making exploitation somewhat limited but still concerning due to its public disclosure. To remediate this issue, organizations should update to a patched version of ClassCMS or implement input validation and encoding mechanisms to sanitize user inputs. Given its low base severity score of 2.4, organizations should nonetheless assess their exposure and take appropriate security measures.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share