CVE-2024-11489

Summary

CVE-2024-11489 is a newly disclosed vulnerability affecting 115cms up to version 20240807. This issue, which has been classified as problematic, impacts an unknown function within the /index.php/admin/web/file.html file. The manipulation of the argument 'ks' triggers a cross-site scripting (XSS) vulnerability, enabling attackers to inject malicious code into a user's browser. This attack can be launched remotely, increasing the risk for potential exploitation. Unfortunately, the exploit for this vulnerability has been made public, and there is a risk that it may already be in use. Despite early contact from security researchers, the vendor has not responded to address the issue.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.