CVE Vulnerabilities

CVE-2024-23348

Published: Jan 23, 2024 | Modified: Jan 29, 2024
CVSS 3.x
8.8
HIGH
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu

Improper input validation vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and earlier allows a remote authenticated attacker to execute arbitrary JavaScript code by uploading a specially crafted SVG file.

Affected Software

Name Vendor Start Version End Version
A-blog_cms Appleple * 2.9.0 (including)
A-blog_cms Appleple 2.10.0 (including) 2.10.50 (excluding)
A-blog_cms Appleple 2.11.0 (including) 2.11.58 (excluding)
A-blog_cms Appleple 3.0.0 (including) 3.0.29 (excluding)
A-blog_cms Appleple 3.1.0 (including) 3.1.7 (excluding)

References