CVE-2024-12348

Summary

A vulnerability was found in Guizhou Xiaoma Technology jpress 5.1.2. It has been classified as problematic. Affected is the function AttachmentUtils.isUnSafe of the file /commons/attachment/upload of the component Attachment Upload Handler. The manipulation of the argument files[] leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Affected Software

VendorProductVersion RangeStatus
Guizhou Xiaoma Technologyjpress5.1.2affected

Weaknesses

  • CWE-79: Cross Site Scripting
  • CWE-94: Code Injection

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References