CVE-2024-2726 MEDIUM

CVE-2024-2726: Stored Cross-Site Scripting (Stored-XSS) vulnerability in the CIGESv2 system

Vendor Ciges
Product CIGESv2
Weakness CWE-79 · XSS
Published March 22, 2024
Last update August 1, 2024
View on NVD All CVEs

CVSS base score

6.1/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

Stored Cross-Site Scripting (Stored-XSS) vulnerability affecting the CIGESv2 system, allowing an attacker to execute and store malicious javascript code in the application form without prior registration.

Key dates

02Disclosure timeline

March 22, 2024 CVE published
August 1, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2024-9386 Exclusive Divi – Divi Preloader, Modules for Divi & Extra Theme <= 1.4 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload CVE-2024-7812 SourceCodester Best House Rental Management System POST Parameter ajax.php cross site scripting CVE-2024-36149 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) CVE-2024-9116 Monkee-Boy Essentials <= 1.1 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload CVE-2025-1457 Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid, Carousel and Remote Arrows) <= 5.10.28 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting