Key Information Vulnerability Description Vulnerability ID: VDB-283853, CVE-2024-11070 Vulnerability Name: Sanluan PublicCMS 5.202406.D Tag Type /ADMIN/CMSTAGTYPE/SAVE NAME CROSS SITE SCRIPTING Affected Version: Sanluan PublicCMS 5.202406.d Affected Component: Tag Type Handler Issue Description: The vulnerability exists in an unknown file, allowing cross-site scripting (XSS) attacks via unknown input. CVSS Meta Temp Score Score: 3.2 Current Exploit Price Price Range: $0–$5k CTI Interest Score Score: 1.04 Impact Impact Type: Integrity Attack Vector: Remote Attack Complexity: Low User Interaction: Requires some user interaction Technical Details: Known Public Exploit: Known MITRE ATT&CK: Utilizes T1059.007 attack technique Remediation Recommendation: Use alternative products References: VDB-281499, VDB-281500, VDB-281512, VDB-282274 Vendor Name: Sanluan Summary This vulnerability is a Cross-Site Scripting (XSS) flaw present in the Tag Type Handler component of Sanluan PublicCMS 5.202406.d. Attackers can exploit this vulnerability to execute malicious scripts on affected websites via unknown input. The CVSS score is 3.2, indicating a low severity level. The current exploit price ranges from $0 to $5k, reflecting low exploitation difficulty. Affected users are advised to switch to alternative products to mitigate the risk.