Cross Site Scripting Flaw in LinZhaoguan pb-cms 2.0
CVE-2024-51229

8.8HIGH

Key Information:

Vendor: LinZhaoguan
Vendor: CVE Published:; 9 January 2025

🔔 Create LinZhaoguan Vulnerability Alert

What is CVE-2024-51229?

A Cross Site Scripting vulnerability exists in LinZhaoguan pb-cms version 2.0 that permits remote attackers to execute arbitrary code. This vulnerability is exploited through the theme management function, where user inputs are not properly sanitized. As a result, an attacker can inject malicious scripts, potentially compromising user sessions and manipulating web page content. It is crucial for administrators to apply updates and implement proper input validation measures to mitigate this threat.

References

https://gitee.com/LinZhaoguan/pb-cms/issues/IAYHUP

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 9, 2025