CVE-2024-7657 | Gila CMS 1.10.9 HTTP POST Request page content cross site scripting

Posted by Angelo Barbosa | Aug 10, 2024 | CVE

A vulnerability classified as problematic was found in Gila CMS 1.10.9. This vulnerability affects unknown code of the file /cm/update_rows/page?id=2 of the component HTTP POST Request Handler. The manipulation of the argument content leads to cross site scripting.

This vulnerability was named CVE-2024-7657. The attack can be initiated remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2024-7657 | Gila CMS 1.10.9 HTTP POST Request page content cross site scripting

Related Posts

CVE-2024-30193 | Andy Moyle Church Admin Plugin up to 4.1.17 on WordPress cross site scripting

CVE-2024-8823 | PDF-XChange Editor JB2 File Parser out-of-bounds (ZDI-24-1246)

CVE-2024-5722 | Logsign Unified SecOps HTTP API hard-coded key

CVE-2024-26618 | Linux Kernel up to 6.6.14/6.7.2 sme sme_alloc allocation of resources (569156e4fa34/814af6b4e600/dc7eb8755797)