CVE-2024-5380 MEDIUM

CVE-2024-5380: jsy-1 short-url admin.php cross site scripting

Vendor Jsy-1

Product short-url

Weakness CWE-79 · XSS

Published May 26, 2024

Last update August 1, 2024

View on NVD All CVEs

CVSS base score

5.3/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

A vulnerability classified as problematic has been found in jsy-1 short-url 1.0.0. Affected is an unknown function of the file admin.php. The manipulation of the argument url leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 2.0.0 is able to address this issue. The name of the patch is 35c790897d6979392bc6f60707fc32da13a98b63. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-266292.

Key dates

02Disclosure timeline

May 26, 2024 CVE published

August 1, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-5380

Related vulnerabilities

04Related CVE

CVE-2023-5338 Theme Blvd Shortcodes <= 1.6.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode CVE-2025-23833 WordPress Links/Problem Reporter plugin <= 2.6.0 - Cross Site Scripting (XSS) vulnerability CVE-2021-24811 Shop Page WP < 1.2.8 - Admin+ Stored Cross-Site Scripting CVE-2024-29833 WordPress Photo Gallery Plugin <= 1.8.21 Stored Cross Site Scripting in UploadHandler CVE-2026-8853 MW WP Form <= 5.1.3 - Authenticated (Editor+) Stored Cross-Site Scripting via 'memo' Parameter