CVE-2024-28417

Published Mar 14, 2024

Last updated 10 months ago

CVSS medium 6.3

Overview

Description: Webedition CMS 9.2.2.0 has a Stored XSS vulnerability via /webEdition/we_cmd.php.
Source: cve@mitre.org
NVD status: Analyzed
Products: webedition_cms

Risk scores

CVSS 3.1

Type: Secondary
Base score: 6.3
Impact score: 3.4
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
Severity: MEDIUM

Weaknesses

134c704f-9b21-4f2e-91b3-4a467353bcc0: CWE-80

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:webedition:webedition_cms:9.2.2.0:*:*:*:*:*:*:*",
            "matchCriteriaId": "8124304E-6B4C-4654-895D-F648DE177DD2",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]

Webedition CMS v2.9.8.8 contains a stored cross-site scripting vulnerability that allows authenticated users to upload malicious SVG files with embedded JavaScript. Attackers can upload crafted SVG files through the media upload feature to inject and execute arbitrary scripts when the file is viewed by other users.•CVE-2023-53884
Webedition CMS v2.9.8.8 contains a remote code execution vulnerability that allows authenticated attackers to inject system commands through PHP page creation. Attackers can create a new PHP page with malicious system commands in the description field to execute arbitrary commands on the server.•CVE-2023-53883
Webedition CMS 9.2.2.0 has a File upload vulnerability via /webEdition/we_cmd.php•CVE-2024-28418

References

Sources include official advisories and independent security research.

https://nvd.nist.gov/vuln/detail/CVE-2024-28417
https://gitee.com/shavchen214/pwn/issues/I94VFH
https://gitee.com/shavchen214/pwn/issues/I94VFH

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

Related CVEs

References