CVE-2024-22559

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published Jan 29, 2024

Updated: Feb 2, 2024

CWE ID 79

Summary

CVE-2024-22559 is a recently disclosed vulnerability affecting LightCMS version 2.0. The issue involves a Cross-Site Scripting (XSS) weakness in the Content Management System's Articles field. An attacker can inject malicious scripts into an article, which could then be executed in the context of other users visiting the affected webpage. This vulnerability poses a significant security risk, as it allows unauthorized code injection and potential takeover of user sessions. It is essential for users of LightCMS v2.0 to update their software as soon as a patch becomes available to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/uGvXE9
https://www.cve.org/CVERecord?id=CVE-2024-22559
https://nvd.nist.gov/vuln/detail/CVE-2024-22559

Back to Vulnerability Database

CVE-2024-22559

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations