CVE-2024-0599 LOW

CVE-2024-0599: Jspxcms Document Management Page InfoController.java cross site scripting

Vendor N/A

Product Jspxcms

Weakness CWE-79 · XSS

Published January 16, 2024

Last update May 9, 2025

View on NVD All CVEs

CVSS base score

3.5/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction Required

Confidentiality None

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

What the vulnerability does

Description

A vulnerability was found in Jspxcms 10.2.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file src\main\java\com\jspxcms\core\web\back\InfoController.java of the component Document Management Page. The manipulation of the argument title leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250837 was assigned to this vulnerability.

Key dates

Disclosure timeline

January 16, 2024 CVE published

May 9, 2025 Record updated