CVE-2024-23348

{"id": "CVE-2024-23348", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2024-01-23T10:15:10.637", "references": [{"url": "https://developer.a-blogcms.jp/blog/news/JVN-34565930.html", "tags": ["Vendor Advisory"], "source": "[email protected]"}, {"url": "https://jvn.jp/en/jp/JVN34565930/", "tags": ["Third Party Advisory"], "source": "[email protected]"}, {"url": "https://developer.a-blogcms.jp/blog/news/JVN-34565930.html", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://jvn.jp/en/jp/JVN34565930/", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Improper input validation vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and earlier allows a remote authenticated attacker to execute arbitrary JavaScript code by uploading a specially crafted SVG file."}, {"lang": "es", "value": "Vulnerabilidad de validaci\u00f3n de entrada incorrecta en las versiones de la serie a-blog cms Ver.3.1.x anteriores a la Ver.3.1.7, versiones de la serie Ver.3.0.x anteriores a la Ver.3.0.29, versiones de la serie Ver.2.11.x anteriores a la Ver. 2.11.58, versiones de la serie Ver.2.10.x anteriores a la Ver.2.10.50 y Ver.2.9.0 y anteriores permiten a un atacante remoto autenticado ejecutar c\u00f3digo JavaScript arbitrario cargando un archivo SVG especialmente manipulado."}], "lastModified": "2025-05-30T15:15:35.877", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:appleple:a-blog_cms:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2879B3D6-4E10-494B-B221-61CF4FA3B2D7", "versionEndIncluding": "2.9.0"}, {"criteria": "cpe:2.3:a:appleple:a-blog_cms:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "957FC43C-7DBF-445F-952D-2C3AFC3DAF53", "versionEndExcluding": "2.10.50", "versionStartIncluding": "2.10.0"}, {"criteria": "cpe:2.3:a:appleple:a-blog_cms:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5B9C6A38-B9F3-4B83-872E-4A7FCF10A2CF", "versionEndExcluding": "2.11.58", "versionStartIncluding": "2.11.0"}, {"criteria": "cpe:2.3:a:appleple:a-blog_cms:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "43352BBA-DDE8-4542-A8E1-10762B634972", "versionEndExcluding": "3.0.29", "versionStartIncluding": "3.0.0"}, {"criteria": "cpe:2.3:a:appleple:a-blog_cms:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E42BDC5D-3F5F-45E4-9135-0AA3E4DA94CE", "versionEndExcluding": "3.1.7", "versionStartIncluding": "3.1.0"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}