CVE-2024-12348

CVSS V2: None
CVSS V3: None
Description
A vulnerability was found in Guizhou Xiaoma Technology jpress 5.1.2. It has been classified as problematic. Affected is the function AttachmentUtils.isUnSafe of the file /commons/attachment/upload of the component Attachment Upload Handler. The manipulation of the argument files[] leads to cross-site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Overview
  • CVE ID: CVE-2024-12348
  • Assigner: VulDB
  • Vulnerability Status: PUBLISHED
  • Published Version: 2024-12-09T00:00:12.081Z
  • Last Modified Date: 2024-12-09T00:00:12.081Z
References
  • https://vuldb.com/?id.287268 (tags: vdb-entry, technical-description)
  • https://vuldb.com/?ctiid.287268 (tags: signature, permissions-required)
  • https://vuldb.com/?submit.454825 (tags: third-party-advisory)
  • https://github.com/dycccccccc/jpress/blob/main/JPRESS%20has%20XSS%20vulnerability.docx (tags: exploit)
History
  • Created: 2024-12-09 13:13:21
  • Notes: Added to TrackCVE