Skip to main content

Elite Cms CVE-2022-40361

MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2024-01-11 cve@mitre.org
6.1
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.1 MEDIUM
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

2
Analysis Generated
Mar 28, 2026 - 19:34 vuln.today
CVE Published
Jan 11, 2024 - 03:15 nvd
MEDIUM 6.1

DescriptionCVE.org

Cross Site Scripting Vulnerability in Elite CRM v1.2.11 allows attacker to execute arbitrary code via the language parameter to the /ngs/login endpoint.

AnalysisAI

Cross Site Scripting Vulnerability in Elite CRM v1.2.11 allows attacker to execute arbitrary code via the language parameter to the /ngs/login endpoint. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. Cross Site Scripting Vulnerability in Elite CRM v1.2.11 allows attacker to execute arbitrary code via the language parameter to the /ngs/login endpoint. Affected products include: Elitecms Elite Cms.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.

CVE-2022-30816 CRITICAL POC
9.8 Jun 02

elitecms 1.01 is vulnerable to SQL Injection via /admin/edit_sidebar.php. Rated critical severity (CVSS 9.8), this vulne

CVE-2022-30815 CRITICAL POC
9.8 Jun 02

elitecms 1.01 is vulnerable to SQL Injection via admin/edit_sidebar.php?page=2&sidebar=. Rated critical severity (CVSS 9

CVE-2022-30814 CRITICAL POC
9.8 Jun 02

elitecms v1.01 is vulnerable to SQL Injection via /admin/add_sidebar.php. Rated critical severity (CVSS 9.8), this vulne

CVE-2022-30813 CRITICAL POC
9.8 Jun 02

elitecms 1.01 is vulnerable to SQL Injection via /admin/add_post.php. Rated critical severity (CVSS 9.8), this vulnerabi

CVE-2022-30810 CRITICAL POC
9.8 Jun 02

elitecms v1.01 is vulnerable to SQL Injection via admin/edit_post.php. Rated critical severity (CVSS 9.8), this vulnerab

CVE-2022-30809 CRITICAL POC
9.8 Jun 02

elitecms 1.01 is vulnerable to SQL Injection via /admin/edit_page.php?page=. Rated critical severity (CVSS 9.8), this vu

CVE-2022-30808 CRITICAL POC
9.8 Jun 02

elitecms 1.0.1 is vulnerable to Arbitrary code execution via admin/manage_uploads.php. Rated critical severity (CVSS 9.8

CVE-2023-42331 HIGH POC
8.8 Sep 20

A file upload vulnerability in EliteCMS v1.01 allows a remote attacker to execute arbitrary code via the manage_uploads.

CVE-2022-30804 MEDIUM POC
6.5 Jun 02

elitecms v1.01 is vulnerable to Delete any file via /admin/delete_image.php?file=. Rated medium severity (CVSS 6.5), thi

Share

CVE-2022-40361 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy