CVE-2024-11971 | Guizhou Xiaoma Technology jpress 5.1.2 Avatar upload files cross site scripting

Posted by Angelo Barbosa | Nov 28, 2024 | CVE

A vulnerability classified as problematic was found in Guizhou Xiaoma Technology jpress 5.1.2. Affected by this vulnerability is an unknown functionality of the file /commons/attachment/upload of the component Avatar Handler. The manipulation of the argument files leads to cross site scripting.

This vulnerability is known as CVE-2024-11971. The attack can be launched remotely. Furthermore, there is an exploit available.

CVE-2024-11971 | Guizhou Xiaoma Technology jpress 5.1.2 Avatar upload files cross site scripting

Related Posts

CVE-2023-6615 | Typecho 1.2.1 /admin/manage-users.php page information disclosure

CVE-2024-1331 | Team Members Plugin up to 5.3.1 on WordPress Shortcode Attribute cross site scripting

CVE-2024-3820 | wpDataTables Plugin up to 6.3.1 on WordPress sql injection

CVE-2024-3480 | Motorola Framework prior 2023-09-01 Telephony implicit intent