CVE-2024-11488

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Nov 20, 2024

Updated: Nov 22, 2024

CWE ID 94

CWE ID 79

Summary

CVE-2024-11488 is a recently disclosed vulnerability affecting 115cms up to version 20240807. This issue is classified as problematic due to the potential for cross-site scripting (XSS) attacks. The vulnerability is found in the processing of the file /app/admin/view/web_user.html, which can be exploited by manipulating the argument ks. An attacker can initiate this exploit remotely, making it a significant threat. Sadly, the vendor has not responded to the disclosure of this vulnerability, increasing the risk for potential attacks in the wild.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/0sOUb3
https://www.cve.org/CVERecord?id=CVE-2024-11488
https://nvd.nist.gov/vuln/detail/CVE-2024-11488

Back to Vulnerability Database

CVE-2024-11488

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations