CVE-2024-28623
published 2024-03-13
CVE-2024-28623: RiteCMS v3.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component main_menu/edit_section.
Priority: P3 · 35 · medium · CVSS 3.1 base score 6.1
CVSS vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Exploit: EPSS 1.32% (67.2th percentile)
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ritecms | ritecms | — | — |
No detection rules found.
Exploit-DB
RiteCMS 3.0.0 - Reflected Cross Site Scripting (XSS)
exploitdb·2025-08-18·CVSS 6.1
CVE-2024-28623 [MEDIUM] RiteCMS 3.0.0 - Reflected Cross Site Scripting (XSS)
---
# Exploit Title: RiteCMS 3.0.0 – Reflected Cross-Site Scripting (XSS)
# Google Dork: N/A
# Date: 2024-08-12
# Exploit Author: GURJOT SINGH
# Vendor Homepage: https://ritecms.com/
# Software Link: https://github.com/handylulu/RiteCMS/releases/download/V3.0.0/ritecms.v3.0.0.zip
# Version:
Steps:
1. Log in or navigate to the vulnerable `main_menu/edit_section` functionality.
2. Inject the above payload into the vulnerable parameter.
3. Observe the execution of the injected JavaScript.
Video PoC:
https://github.com/GURJOTEXPERT/ritecms/blob/main/POC.mp4
Full write-up & repository:
https://github.com/GURJOTEXPERT/ritecms
## Mitigation:
- Implement strict input validation and output encoding.
- Enforce a Content Security Policy (CSP).
Nuclei
RiteCMS 3.0.0 - Cross-site Scripting
nuclei·CVSS 6.1
CVE-2024-28623 [MEDIUM] RiteCMS 3.0.0 - Cross-site Scripting
RiteCMS v3.0.0 contains a reflected XSS caused by unsanitized input in the main_menu/edit_section component, letting attackers execute arbitrary scripts in the context of the victim's browser.
Template:

```yaml
id: CVE-2024-28623

info:
  name: RiteCMS 3.0.0 - Cross-site Scripting
  author: 0x_Akoko
  severity: medium
  description: |
    RiteCMS v3.0.0 contains a reflected XSS caused by unsanitized input in the main_menu/edit_section component, letting attackers execute arbitrary scripts in the context of the victim's browser.
  impact: |
    Attackers can execute arbitrary scripts in the victim's browser, potentially leading to session hijacking or defacement.
  remediation: |
    Sanitize and validate input in the main_menu/edit_section component, and update to the latest version.
```
No writeups or analysis indexed.