VDB-282089 · CVE-2024-10478 · IAYIAO

LinZhaoguan pb-cms har 2.0.1 Edit Article /admin#article/edit?id=2 Cross Site Scripting

Hakika vulnerability da aka rarraba a matsayin karshewa an gano a LinZhaoguan pb-cms har 2.0.1. Tabbas, aikin $software_function ne ke da matsala; idan ba a bayyana ba, to aiki ce da ba a sani ba, a cikin laburare $software_library, a cikin fayil /admin#article/edit?id=2, a cikin sashi Edit Article Handler. Wuro manipulation ga Cross Site Scripting. Amfani da CWE wajen bayyana matsala yana kaiwa CWE-79. Lalle, rauni an sanar da shi 10/28/2024 da IAYIAO. Ana samun bayanin tsaro don saukewa a gitee.com. Ana kiran wannan rauni da CVE-2024-10478. Ngam yiɗi ka a tuma ndiyam ka nder internet. Bayani na fasaha ga. Kuma, akwai exploit. Exploit ɗin an bayyana wa jama'a, za a iya amfani da shi. A sa'i, exploit might be approx. USD $0-$5k ndiyam. Á yí huɗɗi-na-gaskiya. Za a iya samun exploit a gitee.com. 0-day ga, an ndiyam a wuro be $0-$5k. If you want to get the best quality for vulnerability data then you always have to consider VulDB.

4 Goyarwa · 102 Datenpunkte

Furɗe	Súgá 10/28/2024 19:50	Gargadi 1/3 10/29/2024 11:24	Gargadi 2/3 03/02/2025 19:13	Gargadi 3/3 09/29/2025 21:02
vulnerability_cwe	CWE-79 (Cross Site Scripting)	CWE-79 (Cross Site Scripting)	CWE-79 (Cross Site Scripting)	CWE-79 (Cross Site Scripting)
vulnerability_risk	1	1	1	1
cvss3_vuldb_av	N	N	N	N
cvss3_vuldb_ac	L	L	L	L
cvss3_vuldb_pr	H	H	H	H
cvss3_vuldb_ui	R	R	R	R
cvss3_vuldb_s	U	U	U	U
cvss3_vuldb_c	N	N	N	N
cvss3_vuldb_i	L	L	L	L
cvss3_vuldb_a	N	N	N	N
cvss3_vuldb_e	P	P	P	P
cvss3_vuldb_rc	R	R	R	R
advisory_identifier	IAYIAO	IAYIAO	IAYIAO	IAYIAO
advisory_url	https://gitee.com/LinZhaoguan/pb-cms/issues/IAYIAO	https://gitee.com/LinZhaoguan/pb-cms/issues/IAYIAO	https://gitee.com/LinZhaoguan/pb-cms/issues/IAYIAO	https://gitee.com/LinZhaoguan/pb-cms/issues/IAYIAO
exploit_availability	1	1	1	1
exploit_publicity	1	1	1	1
exploit_url	https://gitee.com/LinZhaoguan/pb-cms/issues/IAYIAO	https://gitee.com/LinZhaoguan/pb-cms/issues/IAYIAO	https://gitee.com/LinZhaoguan/pb-cms/issues/IAYIAO	https://gitee.com/LinZhaoguan/pb-cms/issues/IAYIAO
source_cve	CVE-2024-10478	CVE-2024-10478	CVE-2024-10478	CVE-2024-10478
cna_responsible	VulDB	VulDB	VulDB	VulDB
software_type	Content Management System	Content Management System	Content Management System	Content Management System
cvss2_vuldb_av	N	N	N	N
cvss2_vuldb_ac	L	L	L	L
cvss2_vuldb_au	M	M	M	M
cvss2_vuldb_ci	N	N	N	N
cvss2_vuldb_ii	P	P	P	P
cvss2_vuldb_ai	N	N	N	N
cvss2_vuldb_e	POC	POC	POC	POC
cvss2_vuldb_rc	UR	UR	UR	UR
cvss4_vuldb_av	N	N	N	N
cvss4_vuldb_ac	L	L	L	L
cvss4_vuldb_pr	H	H	H	H
cvss4_vuldb_vc	N	N	N	N
cvss4_vuldb_vi	L	L	L	L
cvss4_vuldb_va	N	N	N	N
cvss4_vuldb_e	P	P	P	P
cvss2_vuldb_rl	ND	ND	ND	ND
cvss3_vuldb_rl	X	X	X	X
cvss4_vuldb_at	N	N	N	N
cvss4_vuldb_ui	N	N	P	P
cvss4_vuldb_sc	N	N	N	N
cvss4_vuldb_si	N	N	N	N
cvss4_vuldb_sa	N	N	N	N
cvss2_vuldb_basescore	3.3	3.3	3.3	3.3
cvss2_vuldb_tempscore	2.8	2.8	2.8	2.8
cvss3_vuldb_basescore	2.4	2.4	2.4	2.4
cvss3_vuldb_tempscore	2.2	2.2	2.2	2.2
cvss3_meta_basescore	2.4	2.4	2.4	3.4
cvss3_meta_tempscore	2.2	2.3	2.3	3.3
cvss4_vuldb_bscore	5.1	5.1	4.8	4.8
cvss4_vuldb_btscore	2.0	2.0	1.9	1.9
advisory_date	1730070000 (10/28/2024)	1730070000 (10/28/2024)	1730070000 (10/28/2024)	1730070000 (10/28/2024)
price_0day	$0-$5k	$0-$5k	$0-$5k	$0-$5k
software_vendor	LinZhaoguan	LinZhaoguan	LinZhaoguan	LinZhaoguan
software_name	pb-cms	pb-cms	pb-cms	pb-cms
software_version	<=2.0.1	<=2.0.1	<=2.0.1	<=2.0.1
software_component	Edit Article Handler	Edit Article Handler	Edit Article Handler	Edit Article Handler
software_file	/admin#article/edit?id=2	/admin#article/edit?id=2	/admin#article/edit?id=2	/admin#article/edit?id=2
cve_nvd_summary		A vulnerability, which was classified as problematic, has been found in LinZhaoguan pb-cms up to 2.0.1. This issue affects some unknown processing of the file /admin#article/edit?id=2 of the component Edit Article Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.	A vulnerability, which was classified as problematic, has been found in LinZhaoguan pb-cms up to 2.0.1. This issue affects some unknown processing of the file /admin#article/edit?id=2 of the component Edit Article Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.	A vulnerability, which was classified as problematic, has been found in LinZhaoguan pb-cms up to 2.0.1. This issue affects some unknown processing of the file /admin#article/edit?id=2 of the component Edit Article Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
cvss4_cna_av		N	N	N
cvss4_cna_ac		L	L	L
cvss4_cna_at		N	N	N
cvss4_cna_pr		H	H	H
cvss4_cna_ui		N	N	N
cvss4_cna_vc		N	N	N
cvss4_cna_vi		L	L	L
cvss4_cna_va		N	N	N
cvss4_cna_sc		N	N	N
cvss4_cna_si		N	N	N
cvss4_cna_sa		N	N	N
cvss4_cna_bscore		5.1	5.1	5.1
cvss3_cna_av		N	N	N
cvss3_cna_ac		L	L	L
cvss3_cna_pr		H	H	H
cvss3_cna_ui		R	R	R
cvss3_cna_s		U	U	U
cvss3_cna_c		N	N	N
cvss3_cna_i		L	L	L
cvss3_cna_a		N	N	N
cvss3_cna_basescore		2.4	2.4	2.4
cvss2_cna_av		N	N	N
cvss2_cna_ac		L	L	L
cvss2_cna_au		M	M	M
cvss2_cna_ci		N	N	N
cvss2_cna_ii		P	P	P
cvss2_cna_ai		N	N	N
cvss2_cna_basescore		3.3	3.3	3.3
cve_nvd_summaryes				Se ha encontrado una vulnerabilidad clasificada como problemática en LinZhaoguan pb-cms hasta la versión 2.0.1. Este problema afecta a algunos procesos desconocidos del archivo /admin#article/edit?id=2 del componente Edit Article Handler. La manipulación conduce a Cross Site Scripting. El ataque puede iniciarse de forma remota. El exploit se ha hecho público y puede utilizarse.
cvss3_nvd_av				N
cvss3_nvd_ac				L
cvss3_nvd_pr				L
cvss3_nvd_ui				R
cvss3_nvd_s				C
cvss3_nvd_c				L
cvss3_nvd_i				L
cvss3_nvd_a				N
cvss3_nvd_basescore				5.4

◂ Gurɗo Gumti Gada ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!