Home

Description

Cross-site scripting vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.12, Ver.3.0.x series versions prior to Ver.3.0.32, Ver.2.11.x series versions prior to Ver.2.11.61, Ver.2.10.x series versions prior to Ver.2.10.53, and Ver.2.9 and earlier versions. If this vulnerability is exploited, a user with an editor or higher privilege who can log in to the product may execute an arbitrary script on the web browser of the user who accessed the schedule management page.

PUBLISHED Reserved 2024-04-03 | Published 2024-05-22 | Updated 2024-10-31 | Assigner jpcert

Problem types

Cross-site scripting (XSS)

Product status

prior to Ver.3.1.12
affected

prior to Ver.3.0.32
affected

prior to Ver.2.11.61
affected

prior to Ver.2.10.53
affected

Ver.2.9 and earlier
affected

References

developer.a-blogcms.jp/blog/news/JVN-70977403.html

jvn.jp/en/jp/JVN70977403/

developer.a-blogcms.jp/blog/news/JVN-70977403.html

jvn.jp/en/jp/JVN70977403/

cve.org (CVE-2024-31395)

nvd.nist.gov (CVE-2024-31395)

Download JSON

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.