cbcvebase.
CVE-2024-11587
published 2024-11-21

CVE-2024-11587: A vulnerability was found in idcCMS 1.60. It has been classified as problematic. This affects the function GetCityOptionJs of the file /inc/classProvCity.php…

PriorityP180medium6.1CVSS 3.1
AVNACLPRNUIRSCCLILAN
ITWEXPLOITVulnCheck KEV
Exploited in the wild
EPSS
0.89%
54.7th percentile
A vulnerability was found in idcCMS 1.60. It has been classified as problematic. This affects the function GetCityOptionJs of the file /inc/classProvCity.php. The manipulation of the argument idName leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Affected

1 ranges
VendorProductVersion rangeFixed in
idccmsidccms

Detection & IOCsextracted from sources · hover to see the quote

url/read.php?idName=1%3Cscript%3Ealert(document.domain)%3C/script%3E&mudi=getCityData
path/inc/classProvCity.php
path/read.php
  • Look for unencoded XSS payload reflected in HTTP response body containing both 'alert(document.domain)' and 'add(new Option' strings simultaneously, with content-type text/html and HTTP 200 status.
  • The attack vector is a GET request to /read.php with the 'idName' parameter containing unsanitized script injection and 'mudi=getCityData' as the action parameter.
  • FOFA/Shodan fingerprinting: identify exposed idcCMS instances via page title 'idcCMS' as potential targets.
  • ·The vulnerability is specifically in the GetCityOptionJs function triggered via the 'mudi=getCityData' parameter; exploitation requires this specific action parameter alongside the malicious idName value.
  • ·This is a reflected XSS requiring user interaction (UI:R per CVSS), meaning a victim must be socially engineered into clicking a crafted link for exploitation to succeed.

CVSS provenance

nvdv3.16.1MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
nvdv4.05.3MEDIUMCVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
nvdv2.04.0MEDIUMAV:N/AC:L/Au:S/C:N/I:P/A:N
vulncheck5.3MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.