CVE-2024-23055
Published 2024-01-25
Priority P3 · 41 · medium · 6.1 CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EXPLOIT
EPSS: 1.25% (65.6th percentile)
An issue in Plone Docker Official Image 5.2.13 (5221) open-source software allows for remote code execution via improper validation of input by the HOST headers.
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| plone | plone_docker_official_image | — | — |
No detection rules found.
Nuclei
Plone Docker - Host Header Injection
nuclei·CVSS 6.1
CVE-2024-23055 [MEDIUM] Plone Docker - Host Header Injection
Plone Docker Official Image 5.2.13 (5221) is vulnerable to Host Header Injection due to improper validation of input by the HOST headers. This can lead to Cross-Site Scripting (XSS) attacks when the malicious Host header value is reflected in the response.
Template:

```yaml
id: CVE-2024-23055

info:
  name: Plone Docker - Host Header Injection
  author: theamanrawat
  severity: medium
  description: |
    Plone Docker Official Image 5.2.13 (5221) is vulnerable to Host Header Injection due to improper validation of input by the HOST headers. This can lead to Cross-Site Scripting (XSS) attacks when the malicious Host header value is reflected in the response.
  impact: |
    Remote attackers can execute arbitrary code on the server, potentially leading to full system compromise
```

No writeups or analysis indexed.
Published: 2024-01-25