CVE-2024-48239

MEDIUM

WTCMS 1.0 - Cross-Site Scripting in plupload Method

Title source: llm
STIX 2.1

Description

An issue was discovered in WTCMS 1.0. In the plupload method in \AssetController.class.php, the app parameters aren't processed, resulting in Cross Site Scripting (XSS).

References (1)

Core 1
Core References
Exploit, Issue Tracking, Third Party Advisory
https://github.com/taosir/wtcms/issues/16

Scores

CVSS v3 4.8
EPSS 0.0023
EPSS Percentile 13.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-79
Status published
Products (1)
wtcms_project/wtcms 1.0
Published Oct 25, 2024
Tracked Since Feb 18, 2026