CVE-2024-26482

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) (CWE-80)

Published: Feb 22, 2024 / Updated: 9mo ago

CVSS 7.1 (High) / EPSS 0.04%

An HTML injection vulnerability exists in the Edit Content Layout module of Kirby CMS v4.1.0. NOTE: the vendor disputes the significance of this report because some HTML formatting (such as with an H1 element) is allowed, but there is backend sanitization such that the reporter's mentioned "injecting malicious scripts" would not occur.

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Timeline

CVE Assignment
NVD published the first details for CVE-2024-26482
Feb 21, 2024 at 9:15 PM

First Article
Feedly found the first article mentioning CVE-2024-26482.
Feb 22, 2024 at 5:21 AM / National Vulnerability Database

CVSS Estimate
Feedly estimated the CVSS score as HIGH
Feb 22, 2024 at 5:21 AM

EPSS
EPSS Score was set to: 0.04% (Percentile: 6.8%)
Feb 22, 2024 at 2:48 PM

Detection in Vulnerability Scanners
Detection for the vulnerability has been added to Qualys (756798)
Aug 6, 2024 at 7:53 AM

CVSS
A CVSS base score of 7.1 has been assigned.
Aug 29, 2024 at 8:40 PM / nvd

Affected Systems

Getkirby/kirby

Attack Patterns

CAPEC-18: XSS Targeting Non-Script Elements

News

suse_linux SUSE-SU-2024:2571-1: SUSE SLED15 / SLES15 / openSUSE 15 : Security update for the Linux Kernel (Important) (SUSE-SU-2024:2571-1)
Development Last Updated: 7/23/2024
Multiple issues in Linux (SUSE)
CVE-2024-26482 - RedPacket Security
CVE-2024-26482
High Severity Description An HTML injection vulnerability in the Edit Content Layout module of Kirby CMS v4.1.0 allows attackers to execute arbitrary code via a crafted payload. Read more at https://www.tenable.com/cve/CVE-2024-26482
NA - CVE-2024-26482 - An HTML injection vulnerability in the Edit...
An HTML injection vulnerability in the Edit Content Layout module of Kirby CMS v4.1.0 allows attackers to execute arbitrary code via a crafted payload.

CVSS V3.1

Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: High
Availability Impact: High
