Platform
Java
Component
publiccms
Fixed in
5.202406.1
A cross-site scripting (XSS) vulnerability has been identified in PublicCMS version 5.202406.d. It allows an attacker to inject script into the application, potentially compromising backend user accounts and data. The issue stems from improper handling of the user-supplied name parameter in the /admin/cmsTagType/save endpoint. A patch is available in version 5.202406.1.
Successful exploitation of CVE-2024-11070 allows an attacker to execute arbitrary JavaScript in the browser of a PublicCMS backend user. This can lead to session hijacking, credential theft, defacement of the PublicCMS site, and redirection to malicious sites. Because the vulnerable endpoint belongs to the administrative interface, the script runs with whatever the victim's admin session can reach, potentially exposing sensitive data and configuration settings; the same fact limits the attack path, since the attacker needs either backend access or a way to make an authenticated administrator submit the crafted name value. The exploit details are public, which lowers the effort needed to weaponise the issue.
This vulnerability has been publicly disclosed together with exploit details, which makes opportunistic exploitation of exposed PublicCMS backends straightforward. The EPSS score of 0.13% (32nd percentile) nevertheless predicts a low probability of exploitation in the wild, and the issue is not listed in CISA's KEV catalogue; the public disclosure still warrants close monitoring of administrative endpoints. The NVD and CISA advisories were published on 2024-11-11.
PublicCMS installations running version 5.202406.d are at risk. This includes websites and applications that rely on PublicCMS for content management and, in particular, the users who hold administrative access to the CMS backend, since that is where the injected script executes. Installations whose backend is shared by many editors or by several teams on one hosting platform are more exposed, because a single compromised or malicious account can attack every other user of that backend.
• Web server logs: Examine access logs for requests to /admin/cmsTagType/save with unusual or suspicious values in the name parameter. Look for patterns indicative of XSS payloads (e.g., <script>, javascript:, onerror=), remembering that they are usually URL-encoded in the log (%3Cscript, javascript%3A, onerror%3D).
grep -i 'cmsTagType/save' /var/log/apache2/access.log | grep -iE '<script|%3Cscript|javascript:|javascript%3A|onerror=|onerror%3D'
Note that a standard access log records only the request line, so a payload sent in the POST body appears only in application logs or in a reverse proxy or WAF configured to log request bodies.
• Manual check: Use curl with an authenticated administrator session to submit a harmless marker payload to /admin/cmsTagType/save, then inspect the tag type listing in the backend to see whether the value is rendered without encoding. Do this only on systems you are authorised to test.
curl -X POST -b "<admin session cookie>" --data-urlencode "name=<script>alert('XSS')</script>" http://your-publiccms-instance/admin/cmsTagType/save
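The grep above only matches the literal and single-encoded forms of a few markers. The following script, an added example for this advisory and not part of PublicCMS, applies the same detection idea to log lines more carefully: it restricts itself to the vulnerable endpoint, isolates the name parameter from the query string or from a proxy-logged form body, URL-decodes repeatedly so double-encoded payloads are exposed, and matches a broader set of XSS markers case-insensitively. The log lines are constructed for the example; the body="..." suffix on the last two imitates a reverse proxy that logs decoded form data, which is an assumption about your logging setup.

```python
"""Scan web-server / proxy log lines for XSS-style payloads aimed at PublicCMS's
/admin/cmsTagType/save endpoint (CVE-2024-11070).

Added example for this advisory; not PublicCMS code. Assumes combined-format
access log lines; the body="..." suffix models a proxy that logs form bodies.
"""
import re
from typing import List, Optional
from urllib.parse import unquote_plus

ENDPOINT = "/admin/cmsTagType/save"

# Markers typical of XSS payloads. Matching runs on the URL-decoded text so that
# %3Cscript%3E, <script>, and mixed-case variants are all caught.
XSS_MARKERS = re.compile(
    r"<\s*script|javascript\s*:|on(?:error|load|focus|mouseover)\s*=|<\s*(?:svg|img|iframe)\b",
    re.IGNORECASE,
)


def decode_fully(value: str, max_rounds: int = 3) -> str:
    """URL-decode repeatedly (bounded) so double-encoded payloads (%253C...) are exposed."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def extract_name_param(request: str) -> Optional[str]:
    """Return the decoded 'name' parameter from a query string or logged form body, if any."""
    m = re.search(r'(?:^|[?&;\s"])name=([^&\s"]*)', request)
    return decode_fully(m.group(1)) if m else None


def is_suspicious(line: str) -> bool:
    """True if the line targets the vulnerable endpoint and carries an XSS-like 'name' value.

    When no name parameter is visible, the whole decoded line is checked instead,
    so a payload logged in an unexpected position is still flagged.
    """
    if ENDPOINT.lower() not in line.lower():
        return False
    name = extract_name_param(line)
    candidate = name if name is not None else decode_fully(line)
    return bool(XSS_MARKERS.search(candidate))


def scan(lines: List[str]) -> List[str]:
    """Return only the log lines that look like attempts against the endpoint."""
    return [line for line in lines if is_suspicious(line)]


# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    '10.0.0.5 - - [11/Nov/2024:10:01:02 +0000] "GET /admin/cmsTagType/list HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '10.0.0.5 - - [11/Nov/2024:10:01:30 +0000] "POST /admin/cmsTagType/save?name=Products HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [11/Nov/2024:10:02:11 +0000] "POST /admin/cmsTagType/save?name=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 302 0 "-" "curl/8.5.0"',
    '10.0.0.9 - - [11/Nov/2024:10:02:40 +0000] "POST /admin/cmsTagType/save?name=%253Cimg%2520src%253Dx%2520onerror%253Dalert(1)%253E HTTP/1.1" 302 0 "-" "curl/8.5.0"',
    '10.0.0.7 - - [11/Nov/2024:10:03:05 +0000] "POST /admin/cmsTagType/save HTTP/1.1" 302 0 "-" "Mozilla/5.0" body="name=O%27Reilly+Books&id=7"',
    '10.0.0.7 - - [11/Nov/2024:10:03:50 +0000] "POST /admin/cmsTagType/save HTTP/1.1" 302 0 "-" "Mozilla/5.0" body="name=%3Csvg+onload%3Dalert(1)%3E&id=8"',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print("SUSPICIOUS:", hit)
```

Run it against a real log with `scan(open(path).read().splitlines())`. The legitimate entries (a plain name, a name containing an apostrophe) are not flagged, while the single-encoded, double-encoded and body-logged payloads are; tune XSS_MARKERS to your own false-positive tolerance.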
Exploit status
EPSS
0.13% (32nd percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2024-11070 is to upgrade PublicCMS to version 5.202406.1 or later. If upgrading is not immediately feasible, consider implementing input validation and sanitization on the 'name' parameter in the /admin/cmsTagType/save endpoint. Web application firewalls (WAFs) configured to detect and block XSS payloads targeting this specific endpoint can provide an additional layer of defense. Monitor PublicCMS logs for suspicious activity, particularly requests to /admin/cmsTagType/save with unusual parameter values.
Upgrade PublicCMS to a version later than 5.202406.d that contains the fix for the XSS vulnerability. Consult the official PublicCMS changelog for details on the fixed release and upgrade instructions. As a temporary measure, you can add input validation and sanitisation for the 'name' field of the tag type form to reduce the XSS risk.
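Both mitigation paragraphs above recommend validating and sanitising the name field as an interim measure. The following sketch, added for this advisory and not PublicCMS code (the real handler is Java; this is a language-neutral illustration in Python), shows the two layers a practitioner would actually want: an allow-list check on input and context-aware HTML escaping on output. It also shows why a blocklist of a couple of tokens is not enough. The 64-character limit and the permitted character set are assumptions for the example.

```python
"""Input allow-listing plus output escaping for a tag-type 'name' value.

Added example for this advisory; not PublicCMS code. The length cap and the
character set are assumptions chosen for illustration.
"""
import html
import re
from typing import Optional

# Allow-list: letters in any script, digits, underscore, space, hyphen and dot.
# The 1..64 length cap is an assumption; pick what your content model needs.
NAME_PATTERN = re.compile(r"^[\w \-.]{1,64}$")

# The kind of blocklist a hurried fix might add. Kept only to show its gap.
NAIVE_BLOCKLIST = ("<script", "javascript:")


def naive_filter_passes(name: str) -> bool:
    """Blocklist check: rejects only the two listed tokens (case-insensitively)."""
    lowered = name.lower()
    return not any(token in lowered for token in NAIVE_BLOCKLIST)


def validate_tag_type_name(name: Optional[str]) -> Optional[str]:
    """Return the trimmed name if it satisfies the allow-list, otherwise None."""
    if name is None:
        return None
    name = name.strip()
    if not NAME_PATTERN.fullmatch(name):
        return None
    return name


def render_tag_type_row(name: str) -> str:
    """Escape for both HTML text and attribute context before inserting into a page.

    Escaping on output is the fix that holds even if a name bypassed validation
    (for example via a direct database edit or an older, unvalidated record).
    """
    safe = html.escape(name, quote=True)
    return f'<tr><td class="tag-type" data-name="{safe}">{safe}</td></tr>'


if __name__ == "__main__":
    payload = "<img src=x onerror=alert(1)>"   # constructed test value
    print("blocklist passes payload:", naive_filter_passes(payload))
    print("allow-list accepts payload:", validate_tag_type_name(payload) is not None)
    print(render_tag_type_row(payload))
```

The `<img ... onerror=...>` payload contains neither `<script` nor `javascript:`, so the blocklist lets it through, while the allow-list rejects it because `<`, `=` and `(` are outside the permitted set. Even a value that slips past validation is rendered inert by `html.escape`, which turns `<` and `>` into `&lt;` and `&gt;` and also escapes quotes so the value cannot break out of the data-name attribute.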
CVE-2024-11070 is a cross-site scripting (XSS) vulnerability affecting PublicCMS version 5.202406.d, allowing attackers to inject script via the name parameter of /admin/cmsTagType/save.
You are affected if your PublicCMS installation is running version 5.202406.d. Check your version and upgrade.
Upgrade PublicCMS to version 5.202406.1 or later. Use input validation and output encoding on the name field as a temporary workaround if upgrading is not immediately possible.
The exploit details are public, so exposed backends can be attacked with little effort, although the EPSS score (0.13%, 32nd percentile) predicts a low rate of exploitation in the wild. Monitor requests to the administrative interface closely.
Refer to the PublicCMS website or security advisories for the official advisory regarding CVE-2024-11070.