idcCMS 1.60 Cross-Site Scripting Vulnerability (CVE-2024-11587) – Medium Severity

2024-11-22

A vulnerability classified as medium severity was found in idcCMS version 1.60. This vulnerability (CVE-2024-11587) allows for Cross-Site Scripting (XSS) attacks through manipulation of the “idName” argument in the “GetCityOptionJs” function located in the “/inc/classProvCity.php” file. Attackers can exploit this vulnerability remotely, and public exploit code is available.

Vulnerability:

Platform: idcCMS
Version: 1.60
Vulnerability: Cross-Site Scripting (XSS)
Severity: Medium
Date: November 21, 2024

What Undercode Says:

This XSS vulnerability in idcCMS 1.60 could allow attackers to inject malicious scripts into web pages viewed by users. These scripts could then steal user data, redirect users to malicious websites, or perform other unwanted actions.

It is recommended that users of idcCMS 1.60 upgrade to a patched version as soon as possible.
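Until the upgrade is in place, web-server access logs can be triaged for requests that abuse the parameter. The following is an added example, not code from the advisory or from the idcCMS project. It assumes combined-format access logs, that "idName" arrives in the query string, and that legitimate values are plain identifiers; the log lines are constructed.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

TARGET_PATH = "/inc/classprovcity.php"  # file named in the advisory, lowercased
# Assumption: legitimate idName values are plain element identifiers.
SAFE_ID = re.compile(r"[A-Za-z][A-Za-z0-9_-]{0,63}")
# Request field of a combined-log-format line: "METHOD target HTTP/x.y"
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[0-9.]+"')

def fully_decode(value, rounds=3):
    """Undo nested percent-encoding, e.g. %253C -> %3C -> <."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_idname(line):
    """Return the decoded idName when a request to the affected file
    carries a value that is not a plain identifier, else None."""
    match = REQUEST.search(line)
    if not match:
        return None
    url = urlsplit(match.group(1))
    if not url.path.lower().endswith(TARGET_PATH):
        return None
    for raw in parse_qs(url.query, keep_blank_values=True).get("idName", []):
        value = fully_decode(raw)
        if not SAFE_ID.fullmatch(value):
            return value
    return None

def scan(lines):
    """Return (line_number, decoded_value) for every flagged line."""
    checked = ((n, suspicious_idname(l)) for n, l in enumerate(lines, 1))
    return [(n, v) for n, v in checked if v is not None]

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [22/Nov/2024:10:01:02 +0000] "GET /inc/classProvCity.php?idName=city HTTP/1.1" 200 512',
    '198.51.100.9 - - [22/Nov/2024:10:02:11 +0000] "GET /inc/classProvCity.php?idName=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 540',
    '198.51.100.9 - - [22/Nov/2024:10:02:15 +0000] "GET /inc/classProvCity.php?idName=%253Csvg%2520onload%253D1%253E HTTP/1.1" 200 538',
    '203.0.113.7 - - [22/Nov/2024:10:03:40 +0000] "GET /index.php?idName=%3Cb%3E HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for number, value in scan(SAMPLE_LOG):
        print(f"line {number}: suspicious idName {value!r}")
```

Requests that carry the parameter in a POST body do not appear in access logs, so this check covers query-string delivery only.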

References:

Reported By: Nvd.nist.gov
Undercode AI: https://ai.undercodetesting.com
