CVE-2024-9411

LOW

Ofcms - XSS

Title source: rule

Description

A vulnerability classified as problematic has been found in OFCMS 1.1.2. This affects the function add of the file /admin/system/dict/add.json?sqlid=system.dict.save. The manipulation of the argument dict_value leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Exploits (1)

gitee 1,025 stars

by oufu · javawriteup

https://gitee.com/oufu/ofcms/issues/IATECW

References (3)

[Broken Link] https://gitee.com/oufu/ofcms/issues/IATECW

[Permissions Required, VDB Entry] https://vuldb.com/?ctiid.278973

[Third Party Advisory, VDB Entry] https://vuldb.com/?id.278973

Scores

CVSS v3 3.5

EPSS 0.0013

EPSS Percentile 31.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

Details

CWE

CWE-79

Status published

Products (1)

ofcms_project/ofcms 1.1.2

Published Oct 01, 2024

Tracked Since Feb 18, 2026