CVE-2024-1257 LOW

CVE-2024-1257: Jspxcms find_text.do cross site scripting

Vendor N/A

Product Jspxcms

Weakness CWE-79 · XSS

Published February 6, 2024

Last update June 17, 2025

View on NVD All CVEs

CVSS base score

3.5/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction Required

Confidentiality None

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

What the vulnerability does

01Description

A vulnerability was found in Jspxcms 10.2.0. It has been classified as problematic. Affected is an unknown function of the file /ext/collect/find_text.do. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252996.

Key dates

02Disclosure timeline

February 6, 2024 CVE published

June 17, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-1257

Related vulnerabilities

04Related CVE

CVE-2025-62058 WordPress Houzez Theme - Functionality plugin < 4.2.0 - Cross Site Scripting (XSS) vulnerability CVE-2021-24571 HD Quiz < 1.8.4 - Authenticated Stored XSS CVE-2026-4852 Image Source Control Lite – Show Image Credits and Captions <= 3.9.1 - Authenticated (Author+) Stored Cross-Site Scripting via 'Image Source' Field CVE-2024-49663 WordPress uCAT – Next Story plugin <= 2.0.0 - Reflected Cross Site Scripting (XSS) vulnerability CVE-2025-53202 WordPress Responsive Blocks plugin <= 2.0.6 - Cross Site Scripting (XSS) Vulnerability