CVE-2024-44872 - Vulnerability Details

A reflected cross-site scripting (XSS) vulnerability in moziloCMS v3.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation poc

Automatable no

Technical Impact partial

Vendors	Products
Mozilo	Mozilocms
Mozilocms	Mozilocms

Configuration 1 [-]

cpe:2.3:a:mozilo:mozilocms:3.0:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/moziloDasEinsteigerCMS/mozilo3.0
https://github.com/sec-fortress/Exploits/tree/main/CVE-2024-44872

History

Fri, 13 Sep 2024 15:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Mozilo Mozilo mozilocms
CPEs		cpe:2.3:a:mozilo:mozilocms:3.0:::::::*
Vendors & Products		Mozilo Mozilo mozilocms

Tue, 10 Sep 2024 20:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Mozilocms Mozilocms mozilocms
Weaknesses		CWE-79
CPEs		cpe:2.3:a:mozilocms:mozilocms::::::::
Vendors & Products		Mozilocms Mozilocms mozilocms
Metrics		cvssV3_1 `{'score': 6.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N'}` ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Tue, 10 Sep 2024 17:00:00 +0000

Type	Values Removed	Values Added
Description		A reflected cross-site scripting (XSS) vulnerability in moziloCMS v3.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload.
References		https://github.com/moziloDasEinsteigerCMS/mozilo3.0 https://github.com/sec-fortress/Exploits/tree/main/CVE-2024-44872

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2024-09-10T00:00:00

Updated: 2024-09-10T19:32:13.023Z

Reserved: 2024-08-21T00:00:00

Link: CVE-2024-44872

Vulnrichment

Updated: 2024-09-10T19:31:30.676Z

NVD

Status : Analyzed

Published: 2024-09-10T17:15:37.517

Modified: 2024-09-13T15:26:12.067

Link: CVE-2024-44872

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Exploitation poc

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object