Cross-Site Scripting Vulnerability in Antabot White-Jotter Article Content Editor
CVE-2024-13031

5.1MEDIUM

Key Information:

Vendor

Antabot

Status
White-jotter
Vendor
CVE Published:
30 December 2024
🔔 Create Antabot Vulnerability Alert

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2024-13031?

A security issue has been identified in Antabot White-Jotter, specifically within the Article Content Editor component. The vulnerability resides in an undisclosed function linked to the file /admin/content/editor, allowing for cross-site scripting (XSS) attacks. This poses risks as attackers can manipulate the content and execute scripts in the user's browser session. The exploit is remote, meaning that it can be triggered without physical access or local interaction with the system. Public disclosure of the exploit raises concerns about potential widespread vulnerabilities if not addressed promptly.

Affected Version(s)

White-Jotter 0.2.0

White-Jotter 0.2.1

White-Jotter 0.2.2

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2024-13031 - Proof of Concept

References

https://vuldb.com/?id.289764
vdb-entry
https://vuldb.com/?ctiid.289764
signaturepermissions-required
https://vuldb.com/?submit.466530
third-party-advisory

CVSS V4

Score:
5.1
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

vastzero (VulDB User)
.