CVE-2024-11175 MEDIUM

CVE-2024-11175: Public CMS Voting Management save cross site scripting

Vendor Public
Product CMS
Weakness CWE-79 · XSS
Published November 13, 2024
Last update November 13, 2024

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

A vulnerability was found in Public CMS 5.202406.d and classified as problematic. This issue affects some unknown processing of the file /admin/cmsVote/save of the component Voting Management. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The patch is named b9530b9cc1f5cfdad4b637874f59029a6283a65c. It is recommended to apply a patch to fix this issue.

Key dates

02Disclosure timeline

November 13, 2024 CVE published
November 13, 2024 Record updated