CVSS3
Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | LOW |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | HIGH |
Vector | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |

AI Score
Confidence: Low
EPSS
Percentile: 43.7%

a-blog cms provided by appleple inc. contains multiple vulnerabilities listed below.
Improper input validation (CWE-20) - CVE-2024-23180
Version | Vector | Score |
---|---|---|
CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N | Base Score: 3.5 |
CVSS v2 | AV:N/AC:M/Au:S/C:N/I:P/A:N | Base Score: 3.5 |
Cross-site scripting (CWE-79) - CVE-2024-23181
Version | Vector | Score |
---|---|---|
CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | Base Score: 6.1 |
CVSS v2 | AV:N/AC:M/Au:N/C:N/I:P/A:N | Base Score: 4.3 |
Relative path traversal (CWE-23) - CVE-2024-23182
Version | Vector | Score |
---|---|---|
CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N | Base Score: 5.0 |
CVSS v2 | AV:N/AC:L/Au:S/C:N/I:P/A:N | Base Score: 4.0 |
Cross-site scripting (CWE-79) - CVE-2024-23183
Version | Vector | Score |
---|---|---|
CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | Base Score: 5.4 |
CVSS v2 | AV:N/AC:M/Au:S/C:N/I:P/A:N | Base Score: 3.5 |
Improper input validation (CWE-20) - CVE-2024-23348
Version | Vector | Score |
---|---|---|
CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | Base Score: 5.4 |
CVSS v2 | AV:N/AC:M/Au:S/C:N/I:P/A:N | Base Score: 3.5 |
Cross-site scripting (CWE-79) - CVE-2024-23782
Version | Vector | Score |
---|---|---|
CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | Base Score: 5.4 |
CVSS v2 | AV:N/AC:M/Au:S/C:N/I:P/A:N | Base Score: 3.5 |
CVE-2024-23180, CVE-2024-23181, CVE-2024-23182, CVE-2024-23183, CVE-2024-23348: Update the Software
Update the software to the latest version according to the information provided by the developer.
CVE-2024-23782: Update the Software and activate option
Update the software to the latest version according to the information provided by the developer.
After updating, add the following line to private/config.system.yaml:
strip_dangerous_tag: on
For more information, refer to the information provided by the developer.
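
The CVE-2024-23782 fix has two parts, and the configuration half is easy to miss after an upgrade. The following check is an added example, not code from the advisory or from the developer: it audits the text of `private/config.system.yaml` for the prescribed line, assuming the key sits at the top level of the file and treating only the literal value `on` shown above as compliant. The function names and sample files are constructed for illustration, and the check does not verify the installed version.

```python
import re
import sys

# Line the advisory prescribes for CVE-2024-23782 (private/config.system.yaml).
KEY, REQUIRED = "strip_dangerous_tag", "on"
# Assumption: the key is a top-level entry, so it must start at column 0.
_LINE = re.compile(r"^(?P<hash>#\s*)?" + re.escape(KEY) + r"\s*:\s*(?P<val>[^#\r\n]*)")

# Constructed sample files (not taken from a real installation).
SAMPLES = {
    "patched": "example_setting: 1\nstrip_dangerous_tag: on  # CVE-2024-23782\n",
    "updated_only": "example_setting: 1\n",
    "disabled": "#strip_dangerous_tag: on\n",
    "conflict": "strip_dangerous_tag: on\nstrip_dangerous_tag: off\n",
}


def audit_config(text):
    """Return ok | missing | commented_out | unexpected_value for a config body."""
    active, commented = [], False
    for line in text.splitlines():
        m = _LINE.match(line)
        if not m:
            continue
        if m.group("hash"):
            commented = True          # the line exists but is commented out
        else:
            active.append(m.group("val").strip())
    if not active:
        return "commented_out" if commented else "missing"
    # With duplicate keys the winner depends on the YAML parser, so every
    # active occurrence must carry the prescribed value.
    return "ok" if all(v == REQUIRED for v in active) else "unexpected_value"


def main(paths):
    """Audit the given files, or the constructed samples when none are given."""
    if paths:
        results = {}
        for p in paths:
            with open(p, encoding="utf-8") as fh:
                results[p] = audit_config(fh.read())
    else:
        results = {name: audit_config(body) for name, body in SAMPLES.items()}
    for name, status in results.items():
        print(f"{status:17} {name}")
    return 0 if all(s == "ok" for s in results.values()) else 1


if __name__ == "__main__":
    sys.exit(main(sys.argv[1:]))
```

The exit status is non-zero when any audited file is not `ok`, so the script can gate a deployment or run across several installations.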