8.8
CVE-2024-23348
- EPSS 0.92%
- Veröffentlicht 23.01.2024 10:15:10
- Zuletzt bearbeitet 30.05.2025 15:15:35
- Quelle vultures@jpcert.or.jp
- CVE-Watchlists
- Unerledigt
LoginImproper input validation vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and earlier allows a remote authenticated attacker to execute arbitrary JavaScript code by uploading a specially crafted SVG file.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Appleple ≫ A-blog Cms Version <= 2.9.0
Appleple ≫ A-blog Cms Version >= 2.10.0 < 2.10.50
Appleple ≫ A-blog Cms Version >= 2.11.0 < 2.11.58
Appleple ≫ A-blog Cms Version >= 3.0.0 < 3.0.29
Appleple ≫ A-blog Cms Version >= 3.1.0 < 3.1.7
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.92% | 0.753 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|