CVE-2024-35540
CRITICALTypecho < 1.2.1 - XSS
Title source: ruleDescription
A stored cross-site scripting (XSS) vulnerability in Typecho v1.3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
Exploits (2)
github
WORKING POC
1 stars
by cyberaz0r · gopoc
https://github.com/cyberaz0r/Typecho-Multiple-Vulnerabilities
Scores
CVSS v3
9.0
EPSS
0.0868
EPSS Percentile
92.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Details
CWE
CWE-79
Status
published
Products (2)
typecho/typecho
1.3.0 alpha
typecho/typecho
< 1.2.1
Published
Aug 20, 2024
Tracked Since
Feb 18, 2026