CVE-2024-11587
published 2024-11-21CVE-2024-11587: A vulnerability was found in idcCMS 1.60. It has been classified as problematic. This affects the function GetCityOptionJs of the file /inc/classProvCity.php…
PriorityP180medium6.1CVSS 3.1
AVNACLPRNUIRSCCLILAN
ITWEXPLOITVulnCheck KEV
Exploited in the wild
EPSS
0.89%
54.7th percentile
A vulnerability was found in idcCMS 1.60. It has been classified as problematic. This affects the function GetCityOptionJs of the file /inc/classProvCity.php. The manipulation of the argument idName leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| idccms | idccms | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Look for unencoded XSS payload reflected in HTTP response body containing both 'alert(document.domain)' and 'add(new Option' strings simultaneously, with content-type text/html and HTTP 200 status. ↗
- →The attack vector is a GET request to /read.php with the 'idName' parameter containing unsanitized script injection and 'mudi=getCityData' as the action parameter. ↗
- →FOFA/Shodan fingerprinting: identify exposed idcCMS instances via page title 'idcCMS' as potential targets. ↗
- ·The vulnerability is specifically in the GetCityOptionJs function triggered via the 'mudi=getCityData' parameter; exploitation requires this specific action parameter alongside the malicious idName value. ↗
- ·This is a reflected XSS requiring user interaction (UI:R per CVSS), meaning a victim must be socially engineered into clicking a crafted link for exploitation to succeed. ↗
CVSS provenance
nvdv3.16.1MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
nvdv4.05.3MEDIUMCVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
nvdv2.04.0MEDIUMAV:N/AC:L/Au:S/C:N/I:P/A:N
vulncheck5.3MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Nuclei
idcCMS V1.60 - Cross-Site Scripting
nuclei·CVSS 5.3
CVE-2024-11587 [MEDIUM] idcCMS V1.60 - Cross-Site Scripting
idcCMS V1.60 - Cross-Site Scripting
idcCMS V1.60 is vulnerable to reflected cross-site scripting (XSS) via the idName parameter in read.php. Unsanitized user input is reflected in the response, allowing arbitrary JavaScript execution.
Template:
id: CVE-2024-11587
info:
name: idcCMS V1.60 - Cross-Site Scripting
author: ritikchaddha
severity: medium
description: |
idcCMS V1.60 is vulnerable to reflected cross-site scripting (XSS) via the idName parameter in read.php. Unsanitized user input is reflected in the response, allowing arbitrary JavaScript execution.
impact: |
Successful exploitation of this XSS vulnerability allows attackers to execute arbitrary JavaScript code in victims' browsers, potentially leading to session hijacking, credential theft, or other malicious activities.
remed
No writeups or analysis indexed.
2024-11-21
Published
Exploited in the wild