{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-10928","assignerOrgId":"1af790b2-7ee1-4545-860a-a788eba489b5","state":"PUBLISHED","assignerShortName":"VulDB","dateReserved":"2024-11-06T16:37:19.997Z","datePublished":"2024-11-06T22:31:05.848Z","dateUpdated":"2024-11-07T15:33:37.206Z"},"containers":{"cna":{"providerMetadata":{"orgId":"1af790b2-7ee1-4545-860a-a788eba489b5","shortName":"VulDB","dateUpdated":"2024-11-06T22:31:05.848Z"},"title":"MonoCMS Posts Page opensaved.php cross site scripting","problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-79","lang":"en","description":"Cross Site Scripting"}]},{"descriptions":[{"type":"CWE","cweId":"CWE-74","lang":"en","description":"Injection"}]}],"affected":[{"vendor":"n/a","product":"MonoCMS","versions":[{"version":"20240528","status":"affected"}],"modules":["Posts Page"]}],"descriptions":[{"lang":"en","value":"A vulnerability was found in MonoCMS up to 20240528. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /monofiles/opensaved.php of the component Posts Page. The manipulation of the argument filtcategory/filtstatus leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."},{"lang":"de","value":"In MonoCMS bis 20240528 wurde eine problematische Schwachstelle ausgemacht. Betroffen ist eine unbekannte Verarbeitung der Datei /monofiles/opensaved.php der Komponente Posts Page. Dank der Manipulation des Arguments filtcategory/filtstatus mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk passieren. Der Exploit steht zur öffentlichen Verfügung."}],"metrics":[{"cvssV4_0":{"version":"4.0","baseScore":5.3,"vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N","baseSeverity":"MEDIUM"}},{"cvssV3_1":{"version":"3.1","baseScore":3.5,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N","baseSeverity":"LOW"}},{"cvssV3_0":{"version":"3.0","baseScore":3.5,"vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N","baseSeverity":"LOW"}},{"cvssV2_0":{"version":"2.0","baseScore":4,"vectorString":"AV:N/AC:L/Au:S/C:N/I:P/A:N"}}],"timeline":[{"time":"2024-11-06T00:00:00.000Z","lang":"en","value":"Advisory disclosed"},{"time":"2024-11-06T01:00:00.000Z","lang":"en","value":"VulDB entry created"},{"time":"2024-11-06T17:42:27.000Z","lang":"en","value":"VulDB entry last update"}],"credits":[{"lang":"en","value":"secuserx (VulDB User)","type":"reporter"}],"references":[{"url":"https://vuldb.com/?id.283327","name":"VDB-283327 | MonoCMS Posts Page opensaved.php cross site scripting","tags":["vdb-entry","technical-description"]},{"url":"https://vuldb.com/?ctiid.283327","name":"VDB-283327 | CTI Indicators (IOB, IOC, TTP, IOA)","tags":["signature","permissions-required"]},{"url":"https://vuldb.com/?submit.434189","name":"Submit #434189 | MonoCMS 23-20240528 Improper Neutralization of Alternate XSS Syntax","tags":["third-party-advisory"]},{"url":"https://github.com/secuserx/CVE/blob/main/%5BXSS%20vulnerability%5D%20found%20in%20MonoCMS%2023-20240528%20-%20(opensaved.php).md","tags":["exploit"]}],"tags":["unsupported-when-assigned"]},"adp":[{"affected":[{"vendor":"monocms","product":"monocms","cpes":["cpe:2.3:a:monocms:monocms:*:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"0","status":"affected","lessThanOrEqual":"20240528","versionType":"custom"}]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-11-07T15:32:57.625298Z","id":"CVE-2024-10928","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-11-07T15:33:37.206Z"}}]}}