LinZhaoguan pb-cms <=2.0.1 Theme Management Module XSS Vulnerability (CVE-2024-10479)

Key Information Vulnerability Description Name: LINZHAOGUAN PB-CMS UP TO 2.0.1 THEME MANAGEMENT MODULE /ADMIN#THEMES CROSS SITE SCRIPTING CVE ID: CVE-2024-10479 Affected Versions: LinZhaoguan pb-cms up to 2.0.1 Component: Theme Management Module Issue: A Cross-Site Scripting (XSS) vulnerability exists in the unknown file . CWE ID: CWE-79 Description: The product fails to properly neutralize or does not neutralize user-controllable input before outputting it to other users, resulting in compromised integrity. CVSS Meta Temp Score Score: 2.3 Current Exploit Price Price: $0–$5k CTI Interest Score Score: 1.73 Additional Information Disclosure: The vulnerability has been publicly disclosed and may be exploited. Exploit Difficulty: Low difficulty. Technical Details: Known technical details and public exploits available. Impact: Affected components may need to be replaced. Reference: Related vulnerability record in VDB-270495. CVE Summary Description: A Cross-Site Scripting (XSS) vulnerability exists in the unknown file . Exploit: Can be exploited remotely. Technical Details: Known technical details and public exploits available. Impact: Affected components may need to be replaced. Public Information Disclosure Platform: gitee.com Exploit Difficulty: Low difficulty. Technical Details: Known technical details and public exploits available. Impact: Affected components may need to be replaced. Related Links Product: VDB-270495 Summary This vulnerability is a Cross-Site Scripting (XSS) flaw affecting the Theme Management Module component in LinZhaoguan pb-cms up to version 2.0.1. It could allow malicious actors to tamper with user data, thereby compromising system integrity. The exploit difficulty is low, technical details are known, and the vulnerability has been publicly disclosed. Affected users are advised to promptly update to the latest version or replace the affected component.

Goal Reached Thanks to every supporter — we hit 100%!

LinZhaoguan pb-cms <=2.0.1 Theme Management Module XSS Vulnerability (CVE-2024-10479)