Cross site scripting

2024-01-2310:15:00

PRIOn knowledge base

www.prio-n.com

cross-site scripting

vulnerability

a-blog cms

remote attacker

arbitrary script

7.2 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

26.9%

JSON

Cross-site scripting vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and earlier allows a remote unauthenticated attacker to execute an arbitrary script on the logged-in user’s web browser.

CPENameOperatorVersion
a-blog_cmsle2.9.0
a-blog_cmsge2.10.0
a-blog_cmslt2.10.50
a-blog_cmsge2.11.0
a-blog_cmslt2.11.58
a-blog_cmsge3.1.0
a-blog_cmslt3.1.7
a-blog_cmsge3.0.0
a-blog_cmslt3.0.29

Name	Operator	Version
a-blog_cms	le	2.9.0
a-blog_cms	ge	2.10.0
a-blog_cms	lt	2.10.50
a-blog_cms	ge	2.11.0
a-blog_cms	lt	2.11.58
a-blog_cms	ge	3.1.0
a-blog_cms	lt	3.1.7
a-blog_cms	ge	3.0.0
a-blog_cms	lt	3.0.29