CVE-2024-2727 MEDIUM

CVE-2024-2727: Stored Cross-Site Scripting (Stored-XSS) vulnerability in the CIGESv2 system

Vendor Ciges

Product CIGESv2

Weakness CWE-79 · XSS

Published March 22, 2024

Last update August 1, 2024

View on NVD All CVEs

CVSS base score

6.1/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction Required

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

HTML injection vulnerability affecting the CIGESv2 system, which allows an attacker to inject arbitrary code and modify elements of the website and email confirmation message.

Key dates

02Disclosure timeline

March 22, 2024 CVE published

August 1, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-2727 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2025-15219 SohuTV CacheCloud MachineManageController.java doPodList cross site scripting CVE-2025-53469 WordPress BMI Adult & Kid Calculator Plugin <= 1.2.2 - Cross Site Scripting (XSS) Vulnerability CVE-2023-41737 WordPress Swifty Bar, sticky bar by WPGens Plugin <= 1.2.10 is vulnerable to Cross Site Scripting (XSS) CVE-2025-47089 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) CVE-2022-1464 Stored xss bug in gogs/gogs