CVE-2024-42852

MEDIUM EXPLOITED NUCLEI

AcuToWeb server <10.5.0.7577C8b - XSS

Title source: llm

Description

Cross Site Scripting vulnerability in AcuToWeb server v.10.5.0.7577C8b allows a remote attacker to execute arbitrary code via the index.php component.

Nuclei Templates (1)

AcuToWeb server/10.5.0.7577c8b - Cross-Site Scripting

MEDIUMVERIFIEDby ritikchaddha

Shodan: title:"AcuToWeb"

FOFA: title="AcuToWeb"

References (1)

[Issue Tracking] https://github.com/Hebing123/cve/issues/64

Scores

CVSS v3 6.1

EPSS 0.0271

EPSS Percentile 85.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

VulnCheck KEV 2025-08-07

CWE

CWE-79

Status published

Published Aug 23, 2024

Tracked Since Feb 18, 2026