Vulnerability-Lookup

CNVD-2024-38571

Vulnerability from cnvd - Published: 2024-09-19

Title

FastCMS跨站脚本漏洞（CNVD-2024-38571）

Description

FastCMS是FastCMS公司的一个内容管理系统。 FastCMS 0.1.5版本存在跨站脚本漏洞，攻击者可利用该漏洞进行跨站脚本攻击。

Severity

中

Formal description

厂商尚未提供漏洞修复方案，请关注厂商主页更新：https://gitee.com/dianbuapp_admin/fastcms/issues/I8ERNV

Reference

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1111

Impacted products

Name
fastcms fastcms 0.1.5

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2023-1111",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2023-1111"
    }
  },
  "description": "FastCMS\u662fFastCMS\u516c\u53f8\u7684\u4e00\u4e2a\u5185\u5bb9\u7ba1\u7406\u7cfb\u7edf\u3002\n\nFastCMS 0.1.5\u7248\u672c\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u8fdb\u884c\u8de8\u7ad9\u811a\u672c\u653b\u51fb\u3002",
  "formalWay": "\u5382\u5546\u5c1a\u672a\u63d0\u4f9b\u6f0f\u6d1e\u4fee\u590d\u65b9\u6848\uff0c\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u66f4\u65b0\uff1ahttps://gitee.com/dianbuapp_admin/fastcms/issues/I8ERNV",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2024-38571",
  "openTime": "2024-09-19",
  "products": {
    "product": "fastcms fastcms 0.1.5"
  },
  "referenceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1111",
  "serverity": "\u4e2d",
  "submitTime": "2024-09-14",
  "title": "FastCMS\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff08CNVD-2024-38571\uff09"
}

CVE-2023-1111 (GCVE-0-2023-1111)

Vulnerability from cvelistv5 – Published: 2024-05-24 06:31 – Updated: 2024-08-02 05:32

Title

FastCMS New Article Tab cross site scripting

Summary

A vulnerability was found in FastCMS up to 0.1.5 and classified as problematic. Affected by this issue is some unknown functionality of the component New Article Tab. The manipulation of the argument Title leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-266126 is the identifier assigned to this vulnerability.

Severity ?

5.1 (Medium)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

2.4 (Low)


                        
                          CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N

2.4 (Low)


                        
                          CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N

CWE

CWE-79 - Cross Site Scripting

Assigner

VulDB

References

URL

Tags

	https://vuldb.com/?id.266126	vdb-entrytechnical-description
	https://vuldb.com/?ctiid.266126	signaturepermissions-required
	https://gitee.com/dianbuapp_admin/fastcms/issues/I8ERNV	exploitissue-tracking

Impacted products

	Vendor	Product	Version
	n/a	FastCMS	Affected: 0.1.0 Affected: 0.1.1 Affected: 0.1.2 Affected: 0.1.3 Affected: 0.1.4 Affected: 0.1.5

Credits

VulDB Gitee Analyzer

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-1111",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-24T14:25:47.824795Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:27:42.656Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T05:32:46.371Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "VDB-266126 | FastCMS New Article Tab cross site scripting",
            "tags": [
              "vdb-entry",
              "technical-description",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?id.266126"
          },
          {
            "name": "VDB-266126 | CTI Indicators (IOB, IOC, TTP, IOA)",
            "tags": [
              "signature",
              "permissions-required",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?ctiid.266126"
          },
          {
            "tags": [
              "exploit",
              "issue-tracking",
              "x_transferred"
            ],
            "url": "https://gitee.com/dianbuapp_admin/fastcms/issues/I8ERNV"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "modules": [
            "New Article Tab"
          ],
          "product": "FastCMS",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "0.1.0"
            },
            {
              "status": "affected",
              "version": "0.1.1"
            },
            {
              "status": "affected",
              "version": "0.1.2"
            },
            {
              "status": "affected",
              "version": "0.1.3"
            },
            {
              "status": "affected",
              "version": "0.1.4"
            },
            {
              "status": "affected",
              "version": "0.1.5"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "tool",
          "value": "VulDB Gitee Analyzer"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in FastCMS up to 0.1.5 and classified as problematic. Affected by this issue is some unknown functionality of the component New Article Tab. The manipulation of the argument Title leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-266126 is the identifier assigned to this vulnerability."
        },
        {
          "lang": "de",
          "value": "Eine Schwachstelle wurde in FastCMS bis 0.1.5 gefunden. Sie wurde als problematisch eingestuft. Es geht hierbei um eine nicht n\u00e4her spezifizierte Funktion der Komponente New Article Tab. Durch die Manipulation des Arguments Title mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 2.4,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 2.4,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 3.3,
            "vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79 Cross Site Scripting",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-24T06:31:07.931Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-266126 | FastCMS New Article Tab cross site scripting",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.266126"
        },
        {
          "name": "VDB-266126 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.266126"
        },
        {
          "tags": [
            "exploit",
            "issue-tracking"
          ],
          "url": "https://gitee.com/dianbuapp_admin/fastcms/issues/I8ERNV"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2023-11-08T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2024-05-24T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2024-05-24T08:25:19.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "FastCMS New Article Tab cross site scripting"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2023-1111",
    "datePublished": "2024-05-24T06:31:07.931Z",
    "dateReserved": "2023-03-01T09:53:59.374Z",
    "dateUpdated": "2024-08-02T05:32:46.371Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2024-38571

CVE-2023-1111 (GCVE-0-2023-1111)

Tags

Sightings

Nomenclature