Improper input validation vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and earlier allows a remote authenticated attacker to execute arbitrary JavaScript code by uploading a specially crafted SVG file.
References
Link | Resource |
---|---|
https://developer.a-blogcms.jp/blog/news/JVN-34565930.html | Vendor Advisory |
https://jvn.jp/en/jp/JVN34565930/ | Third Party Advisory |
https://developer.a-blogcms.jp/blog/news/JVN-34565930.html | Vendor Advisory |
https://jvn.jp/en/jp/JVN34565930/ | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 08:57
Type | Values Removed | Values Added |
---|---|---|
References | () https://developer.a-blogcms.jp/blog/news/JVN-34565930.html - Vendor Advisory | |
References | () https://jvn.jp/en/jp/JVN34565930/ - Third Party Advisory |
29 Jan 2024, 22:56
Type | Values Removed | Values Added |
---|---|---|
References | () https://developer.a-blogcms.jp/blog/news/JVN-34565930.html - Vendor Advisory | |
References | () https://jvn.jp/en/jp/JVN34565930/ - Third Party Advisory | |
CPE | cpe:2.3:a:appleple:a-blog_cms:*:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
CWE | NVD-CWE-noinfo |
23 Jan 2024, 10:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-01-23 10:15
Updated : 2024-11-21 08:57
NVD link : CVE-2024-23348
Mitre link : CVE-2024-23348
CVE.ORG link : CVE-2024-23348
JSON object : View
Products Affected
appleple
- a-blog_cms
CWE