CVE-2024-42852
published 2024-08-23

CVE-2024-42852: Cross Site Scripting vulnerability in AcuToWeb server v.10.5.0.7577C8b allows a remote attacker to execute arbitrary code via the index.php component.

Priority: P278 · Severity: medium · Score: 6.1 (CVSS 3.1)
Vector: AV:N / AC:L / PR:N / UI:R / S:C / C:L / I:L / A:N
Exploited in the wild (ITW exploit · VulnCheck KEV)
EPSS: 0.73% (49.7th percentile)

Detection & IOCs (extracted from sources)

url: {{BaseURL}}/?portgw=80089948;%20alert(document.domain)
path: /?portgw=80089948;%20alert(document.domain)
  • Detect CVE-2024-42852 exploitation by looking for HTTP GET requests to index.php (or the root path) whose 'portgw' parameter carries unsanitized, script-injected values (e.g., a semicolon followed by a JavaScript payload).
  • In the HTTP response body, look for the string '80089948; alert(document.domain);' AND 'WT_GW_PORT' together as indicators of a successful XSS reflection in AcuToWeb.
  • Use FOFA/Shodan queries 'title="AcuToWeb"' or 'title:"AcuToWeb"' to identify exposed AcuToWeb instances for proactive scanning.
  • Flag HTTP 200 responses with content-type 'text/html' from AcuToWeb servers that reflect user-supplied 'portgw' parameter values verbatim in the response body.
  • The vulnerability is specific to AcuToWeb version 10.5.0.7577c8b (CPE: cpe:2.3:a:opentext:acutoweb:10.5.0.7577c8b). Detection rules should be scoped to this version to avoid false positives on patched instances.
  • This is a reflected XSS (not stored), requiring user interaction (UI:R) to trigger. Network-level detection should focus on the request/response pair, not just the inbound request alone.
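The request/response rules in the bullets above, as an added detection example that is not part of the cvebase page or any vendor tooling: it decodes the 'portgw' parameter, applies a "semicolon followed by a JavaScript call" heuristic to the request, then grades the response by verbatim reflection or by the two response markers. The regex and the sample exchanges are assumptions constructed for this example.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Heuristic for "semicolon followed by a JavaScript call" (first bullet); assumed, not an official signature.
PORTGW_INJECT = re.compile(r";\s*[A-Za-z_$][\w$]*\s*\(")
# Response markers from the second bullet; both must appear for a successful reflection.
REFLECTION_MARKERS = ("80089948; alert(document.domain);", "WT_GW_PORT")

def query_params(query: str) -> dict:
    """Split on '&' only so a ';' inside a value survives (parse_qs also split on ';' before Python 3.9.2)."""
    params: dict = {}
    for pair in query.split("&"):
        if pair:
            key, _, value = pair.partition("=")
            params.setdefault(unquote_plus(key), []).append(unquote_plus(value))
    return params

def portgw_values(request_line: str) -> list:
    """Decoded 'portgw' values from a GET request to / or /index.php; [] for anything else."""
    try:
        method, target, _ = request_line.split(" ", 2)
    except ValueError:
        return []
    parts = urlsplit(target)
    if method != "GET" or parts.path not in ("/", "/index.php"):
        return []
    return query_params(parts.query).get("portgw", [])

def classify(request_line: str, status: int, content_type: str, body: str):
    """'reflected' if the injected value (or both markers) is in a 200 text/html body, 'attempt' if only the request is suspicious, else None."""
    suspicious = [v for v in portgw_values(request_line) if PORTGW_INJECT.search(v)]
    if not suspicious:
        return None
    reflected = status == 200 and content_type.startswith("text/html") and (
        any(v in body for v in suspicious) or all(m in body for m in REFLECTION_MARKERS))
    return "reflected" if reflected else "attempt"

# Constructed request/response pairs (not real traffic), one per rule.
SAMPLE_EXCHANGES = [
    ("GET /?portgw=80089948;%20alert(document.domain) HTTP/1.1", 200, "text/html",
     "<script>var WT_GW_PORT = 80089948; alert(document.domain);</script>"),  # verbatim reflection
    ("GET /index.php?portgw=80089948;%20alert(document.domain) HTTP/1.1", 200, "text/html",
     "<script>var WT_GW_PORT = '80089948&#x3b; alert&#x28;document.domain&#x29;';</script>"),  # encoded
    ("GET /?portgw=8008 HTTP/1.1", 200, "text/html", "<script>var WT_GW_PORT = 8008;</script>"),  # benign
    ("GET /static/app.js?portgw=1;alert(1) HTTP/1.1", 200, "application/javascript", ""),  # out of scope
]

def scan(exchanges=SAMPLE_EXCHANGES) -> list:
    """Verdict per exchange, in order: ['reflected', 'attempt', None, None] for the sample."""
    return [classify(*exchange) for exchange in exchanges]
```

The second sample shows why the response side matters: a server that HTML-encodes the value still receives the same request, so it is graded as an attempt rather than a successful reflection.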

CVSS provenance

NVD (v3.1): 6.1 MEDIUM, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
VulnCheck: 6.1 MEDIUM