CVE-2024-11492

CVSS 2.0 Score 4.0 of 10 (medium)

Details

Published Nov 20, 2024

Updated: Nov 21, 2024

CWE ID 94

CWE ID 79

Summary

CVE-2024-11492 is a newly disclosed vulnerability affecting 115cms up to version 20240807. This issue lies in the /index.php/admin/web/appurladd.html file, and the manipulation of the tid argument triggers Cross-Site Scripting (XSS). The vulnerability allows remote attackers to initiate the exploit, making it a significant security concern. Despite early notification to the vendor, no response or patch has been reported yet, increasing the risk for potential attacks.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/0sOUb5
https://www.cve.org/CVERecord?id=CVE-2024-11492
https://nvd.nist.gov/vuln/detail/CVE-2024-11492

Back to Vulnerability Database

CVE-2024-11492

CVSS 2.0 Score 4.0 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations