Description

Cross-site scripting vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and earlier versions. If this vulnerability is exploited, a user with a contributor or higher privilege may execute an arbitrary script on the web browser of the user who accessed the website using the product.

Classification

CVE ID: CVE-2024-23782

Affected Products

Vendor: appleple inc.

Product: a-blog cms Ver.3.1.x series, a-blog cms Ver.3.0.x series, a-blog cms Ver.2.11.x series, a-blog cms Ver.2.10.x series, a-blog cms

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.28% (probability of being exploited)

EPSS Percentile: 51.23% (scored less or equal to compared to others)

EPSS Date: 2025-06-07 (when was this score calculated)

Stakeholder-Specific Vulnerability Categorization (SSVC)

SSVC Exploitation: none

SSVC Technical Impact: partial

SSVC Automatable: false

References

https://nvd.nist.gov/vuln/detail/CVE-2024-23782
https://developer.a-blogcms.jp/blog/news/JVN-34565930.html
https://jvn.jp/en/jp/JVN34565930/

Timeline