Cross Site Scripting Flaw in LinZhaoguan pb-cms 2.0
CVE-2024-51229
8.8 HIGH
Key Information:
- Vendor: LinZhaoguan
- CVE Published: 9 January 2025
Summary
A Cross-Site Scripting (XSS) vulnerability exists in LinZhaoguan pb-cms version 2.0 that permits remote attackers to execute arbitrary code. The vulnerability is exploited through the theme management function, where user input is not properly sanitized. As a result, an attacker can inject malicious scripts, potentially compromising user sessions and manipulating web page content. Administrators should apply updates and implement proper input validation to mitigate this threat.
CVSS V3.1
- Score: 8.8
- Severity: HIGH
- Confidentiality: High
- Integrity: High
- Availability: High
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
Timeline
Vulnerability published