Cross-site scripting vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and earlier allows a remote authenticated attacker to execute an arbitrary script on the logged-in user's web browser.
References
Link | Resource |
---|---|
https://developer.a-blogcms.jp/blog/news/JVN-34565930.html | Vendor Advisory |
https://jvn.jp/en/jp/JVN34565930/ | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
29 Jan 2024, 22:55
Type | Values Removed | Values Added |
---|---|---|
References | () https://developer.a-blogcms.jp/blog/news/JVN-34565930.html - Vendor Advisory | |
References | () https://jvn.jp/en/jp/JVN34565930/ - Third Party Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.4 |
CWE | CWE-79 | |
CPE | cpe:2.3:a:appleple:a-blog_cms:*:*:*:*:*:*:*:* |
23 Jan 2024, 10:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-01-23 10:15
Updated : 2024-02-05 00:22
NVD link : CVE-2024-23183
Mitre link : CVE-2024-23183
CVE.ORG link : CVE-2024-23183
JSON object : View
Products Affected
appleple
- a-blog_cms
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')