CVE-2024-12503 MEDIUM

CVE-2024-12503: ClassCMS Model Management Page admin cross site scripting

Vendor N/A

Product ClassCMS

Weakness CWE-79 · XSS

Published December 12, 2024

Last update December 12, 2024

View on NVD All CVEs

CVSS base score

5.1/10

Attack vector Network

Attack complexity Low

Privileges required High

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

A vulnerability classified as problematic was found in ClassCMS 4.8. Affected by this vulnerability is an unknown functionality of the file /index.php/admin of the component Model Management Page. The manipulation of the argument URL leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Key dates

02Disclosure timeline

December 12, 2024 CVE published

December 12, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-12503 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2024-54443 WordPress Advanced Data Table For Elementor plugin <= 1.0.0 - Cross Site Scripting (XSS) vulnerability CVE-2024-29833 WordPress Photo Gallery Plugin <= 1.8.21 Stored Cross Site Scripting in UploadHandler CVE-2024-36110 Cross-site scripting in ansibleguy-webui CVE-2024-4615 Elespare – Blog, Magazine and Newspaper Addons for Elementor with Templates, Widgets, Kits, and Header/Footer Builder. One Click Import: No Coding Required! <= 3.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Horizontal Nav Menu Widget CVE-2024-10746 PHPGurukul Online Shopping Portal dom_data.php cross site scripting