A vulnerability classified as problematic was found in ClassCMS 4.8. Affected by this vulnerability is an unknown functionality of the file /index.php/admin of the component Model Management Page. The manipulation of the argument URL leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
History

Fri, 13 Dec 2024 17:30:00 +0000

Type Values Removed Values Added
First Time appeared Classcms
Classcms classcms
CPEs cpe:2.3:a:classcms:classcms:4.8:*:*:*:*:*:*:*
Vendors & Products Classcms
Classcms classcms

Thu, 12 Dec 2024 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 12 Dec 2024 00:30:00 +0000

Type Values Removed Values Added
Description A vulnerability classified as problematic was found in ClassCMS 4.8. Affected by this vulnerability is an unknown functionality of the file /index.php/admin of the component Model Management Page. The manipulation of the argument URL leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Title ClassCMS Model Management Page admin cross site scripting
Weaknesses CWE-79
CWE-94
References
Metrics cvssV2_0

{'score': 3.3, 'vector': 'AV:N/AC:L/Au:M/C:N/I:P/A:N'}

cvssV3_0

{'score': 2.4, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N'}

cvssV3_1

{'score': 2.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N'}

cvssV4_0

{'score': 5.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2024-12-12T00:00:12.835Z

Updated: 2024-12-12T15:47:52.404Z

Reserved: 2024-12-11T13:08:25.963Z

Link: CVE-2024-12503

cve-icon Vulnrichment

Updated: 2024-12-12T15:47:39.261Z

cve-icon NVD

Status : Analyzed

Published: 2024-12-12T02:15:22.530

Modified: 2024-12-13T17:13:37.483

Link: CVE-2024-12503

cve-icon Redhat

No data.