Skip to main content

Minicms CVE-2024-31741

MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2024-04-26 cve@mitre.org
6.1
CVSS 3.1 · Vendor: mitre
Share

Severity by source

Vendor (mitre) PRIMARY
6.1 MEDIUM
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Primary rating from Vendor (mitre) · only source for this CVE.

CVSS VectorVendor: mitre

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
Apr 26, 2024 - 22:15 cve.org
MEDIUM 6.1

DescriptionCVE.org

Cross Site Scripting vulnerability in MiniCMS v.1.11 allows a remote attacker to run arbitrary code via crafted string in the URL after login.

AnalysisAI

Cross Site Scripting vulnerability in MiniCMS v.1.11 allows a remote attacker to run arbitrary code via crafted string in the URL after login. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. Cross Site Scripting vulnerability in MiniCMS v.1.11 allows a remote attacker to run arbitrary code via crafted string in the URL after login. Affected products include: 1234N Minicms.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.

CVE-2018-18892 CRITICAL POC
9.8 Nov 01

MiniCMS 1.10 allows execution of arbitrary PHP code via the install.php sitename parameter, which affects the site_name

CVE-2018-9092 HIGH POC
8.8 Mar 27

There is a CSRF vulnerability in mc-admin/conf.php in MiniCMS 1.10 that can change the administrator account password. R

CVE-2012-5231 HIGH POC
7.5 Oct 01

miniCMS 1.0 and 2.0 allows remote attackers to execute arbitrary PHP code via a crafted (1) pagename or (2) area variabl

CVE-2022-33121 HIGH POC
8.1 Jun 24

A Cross-Site Request Forgery (CSRF) in MiniCMS v1.11 allows attackers to arbitrarily delete local .dat files via clickin

CVE-2018-18891 HIGH POC
7.5 Nov 01

MiniCMS 1.10 allows file deletion via /mc-admin/post.php?state=delete&delete= because the authentication check occurs to

CVE-2024-9282 MEDIUM POC
6.9 Sep 27

A vulnerability was found in bg5sbk MiniCMS 1.11. Rated medium severity (CVSS 6.9), this vulnerability is remotely explo

CVE-2024-9281 MEDIUM POC
6.9 Sep 27

A vulnerability was found in bg5sbk MiniCMS up to 1.11 and classified as problematic.php. Rated medium severity (CVSS 6.

CVE-2019-9603 MEDIUM POC
6.5 Mar 06

MiniCMS 1.10 allows mc-admin/post.php?state=publish&delete= CSRF to delete articles, a different vulnerability than CVE-

CVE-2021-41663 MEDIUM POC
6.1 Jun 13

A cross-site scripting (XSS) vulnerability exists in Mini CMS V1.11. Rated medium severity (CVSS 6.1), this vulnerabilit

CVE-2019-13186 MEDIUM POC
6.1 Jul 03

In MiniCMS V1.10, stored XSS was found in mc-admin/post-edit.php via the tags box. Rated medium severity (CVSS 6.1), thi

CVE-2018-20520 MEDIUM POC
6.1 Dec 27

MiniCMS V1.10 has XSS via the mc-admin/post-edit.php query string, a related issue to CVE-2018-10296 and CVE-2018-16233.

CVE-2018-17039 MEDIUM POC
6.1 Sep 14

MiniCMS 1.10, when Internet Explorer is used, allows XSS via a crafted URI because $_SERVER['REQUEST_URI'] is mishandled

Share

CVE-2024-31741 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy