CVE-2024-11491

CVSS 3.1 Score 3.5 of 10 (low)

Details

Published Nov 20, 2024

Updated: Nov 21, 2024

CWE ID 94

CWE ID 79

Summary

CVE-2024-11491 is a newly disclosed vulnerability affecting 115cms up to version 20240807. This issue, which has been rated as problematic, impacts an unspecified functionality in the file /index.php/admin/web/useradmin.html. Manipulation of the argument 'ks' can lead to cross-site scripting, enabling attackers to inject malicious code. The attack can be executed remotely, and the exploit has become publicly available, increasing the risk. Despite early notification, the vendor has not responded to disclosure efforts.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/0sNp9W
https://www.cve.org/CVERecord?id=CVE-2024-11491
https://nvd.nist.gov/vuln/detail/CVE-2024-11491

Back to Vulnerability Database

CVE-2024-11491

CVSS 3.1 Score 3.5 of 10 (low)

Details

Summary

Advisories, Assessments, and Mitigations