CVE-2024-31634

MEDIUM

xunruicms < 4.6.3 - Cross-Site Scripting via Security.php

Title source: llm
STIX 2.1

Description

Cross Site Scripting (XSS) vulnerability in Xunruicms versions 4.6.3 and before, allows remote attacker to execute arbitrary code via the Security.php file in the catalog \XunRuiCMS\dayrui\Fcms\Library.

References (1)

Core 1

Scores

CVSS v3 6.1
EPSS 0.0058
EPSS Percentile 43.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-79
Status published
Products (1)
xunruicms/xunruicms < 4.6.3
Published Apr 16, 2024
Tracked Since Feb 18, 2026