CVE-2024-9198 HIGH

CVE-2024-9198: Stored Cross-Site Scripting vulnerability in Clibo Manager

Vendor Clibo Manager

Product Clibo Manager

Weakness CWE-79 · XSS

Published September 26, 2024

Last update September 26, 2024

View on NVD All CVEs

CVSS base score

7.6/10

Attack vector Network

Attack complexity Low

Privileges required High

User interaction None

Confidentiality High

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:N

What the vulnerability does

01Description

Vulnerability in Clibo Manager v1.1.9.1 that could allow an attacker to execute an stored Cross-Site Scripting (stored XSS ) by uploading a malicious .svg image in the section: Profile > Profile picture.

Key dates

02Disclosure timeline

September 26, 2024 CVE published

September 26, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-9198 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2024-22297 WordPress CBX Map for Google Map & OpenStreetMap Plugin <= 1.1.11 is vulnerable to Cross Site Scripting (XSS) CVE-2015-10010 OpenDNS OpenResolve API endpoints.py get cross site scripting CVE-2025-30918 WordPress Structured Content plugin <= 1.6.3 - Cross Site Scripting (XSS) vulnerability CVE-2017-12220 CVE-2024-32530 WordPress Simple Testimonials Showcase plugin <= 1.1.5 - Cross Site Scripting (XSS) vulnerability