CVE-2022-24374

Published: Feb 24, 2022Modified: Nov 21, 2024

6.1

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.8 / Impact: 2.7

Source: NVD

Description

Cross-site scripting vulnerability in a-blog cms Ver.2.8.x series versions prior to Ver.2.8.75, Ver.2.9.x series versions prior to Ver.2.9.40, Ver.2.10.x series versions prior to Ver.2.10.44, Ver.2.11.x series versions prior to Ver.2.11.42, and Ver.3.0.x series versions prior to Ver.3.0.1 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors. This vulnerability is different from CVE-2022-23916.

Affected (5)

Products: Appleple: A Blog Cms

Appleple

1 product

A Blog Cms

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Appleple A Blog Cms	From 2.10.0 to 2.10.44
Appleple A Blog Cms	From 2.11.0 to 2.11.42
Appleple A Blog Cms	From 2.8.0 to 2.8.75
Appleple A Blog Cms	From 2.9.0 to 2.9.40
Appleple A Blog Cms	Version 3.0.0