Lucene search
JpcertCVELIST:CVE-2024-23348HistoryJan 23, 2024 - 9:39 a.m.
CVE-2024-23348
2024-01-2309:39:14
jpcert
www.cve.org
1
input validation vulnerability
a-blog cms
remote attack
arbitrary code execution
svg file.
Improper input validation vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and earlier allows a remote authenticated attacker to execute arbitrary JavaScript code by uploading a specially crafted SVG file.
CNA Affected
[
{
"vendor": "appleple inc.",
"product": "a-blog cms Ver.3.1.x series",
"versions": [
{
"version": "prior to Ver.3.1.7",
"status": "affected"
}
]
},
{
"vendor": "appleple inc.",
"product": "a-blog cms Ver.3.0.x series",
"versions": [
{
"version": "prior to Ver.3.0.29",
"status": "affected"
}
]
},
{
"vendor": "appleple inc.",
"product": "a-blog cms Ver.2.11.x series",
"versions": [
{
"version": "prior to Ver.2.11.58",
"status": "affected"
}
]
},
{
"vendor": "appleple inc.",
"product": "a-blog cms Ver.2.10.x series",
"versions": [
{
"version": "prior to Ver.2.10.50",
"status": "affected"
}
]
},
{
"vendor": "appleple inc.",
"product": "a-blog cms",
"versions": [
{
"version": "Ver.2.9.0 and earlier ",
"status": "affected"
}
]
}
]Related
cve
cve
CVE-2024-23348
2024-01-23 10:15:10
prion
prion
Input validation
2024-01-23 10:15:00
nvd
nvd
CVE-2024-23348
2024-01-23 10:15:10
jvn
jvn
JVN#34565930: Multiple vulnerabilities in a-blog cms
2024-01-22 00:00:00