CVE-2024-50810

MEDIUM

hopetree izone lts c011b48 - Stored Cross-Site Scripting in Article Comment Function

Title source: llm
STIX 2.1

Description

hopetree izone lts c011b48 contains a Cross Site Scripting (XSS) vulnerability in the article comment function. In \apps\comment\views.py, AddCommintView() does not securely filter user input and renders it directly to the frontend page through templates.

References (1)

Core 1
Core References

Scores

CVSS v3 5.4
EPSS 0.0022
EPSS Percentile 12.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-79
Status published
Published Nov 08, 2024
Tracked Since Feb 18, 2026