CVE-2024-11587
LOW EXPLOITED NUCLEIidcCMS 1.60 - Cross-Site Scripting in GetCityOptionJs Function
Title source: llmExploitation Summary
CVE-2024-11587 has been observed exploited in the wild (reported by VulnCheck KEV). A Nuclei detection template is also available.
Description
A vulnerability was found in idcCMS 1.60. It has been classified as problematic. This affects the function GetCityOptionJs of the file /inc/classProvCity.php. The manipulation of the argument idName leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Nuclei Templates (1)
idcCMS V1.60 - Cross-Site Scripting
MEDIUMVERIFIEDby ritikchaddha
Shodan:
title:"idcCMS"
FOFA:
title="idcCMS"
References (4)
Core 4
Core References
Third Party Advisory vdb-entry
technical-description
https://vuldb.com/?id.285657
Permissions Required signature
permissions-required
https://vuldb.com/?ctiid.285657
Exploit, Third Party Advisory third-party-advisory
https://vuldb.com/?submit.442071
Exploit, Issue Tracking, Third Party Advisory exploit
issue-tracking
https://github.com/Hebing123/cve/issues/75
Scores
CVSS v3
3.5
EPSS
0.0089
EPSS Percentile
54.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
partial
Details
VulnCheck KEV
2025-07-31
CWE
CWE-94
CWE-79
Status
published
Products (1)
idccms/idccms
1.60
Published
Nov 21, 2024
Tracked Since
Feb 18, 2026