CVE-2022-23916

Cross-site scripting vulnerability in a-blog cms Ver.2.8.x series versions prior to Ver.2.8.75, Ver.2.9.x series versions prior to Ver.2.9.40, Ver.2.10.x series versions prior to Ver.2.10.44, Ver.2.11.x series versions prior to Ver.2.11.42, and Ver.3.0.x series versions prior to Ver.3.0.1 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors. This vulnerability is different from CVE-2022-24374.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.1 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
jpcertCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 56%
VendorProductVersion
appleplea-blog_cms
2.8.0 ≤
𝑥
< 2.8.75
appleplea-blog_cms
2.9.0 ≤
𝑥
< 2.9.40
appleplea-blog_cms
2.10.0 ≤
𝑥
< 2.10.44
appleplea-blog_cms
2.11.0 ≤
𝑥
< 2.11.42
appleplea-blog_cms
3.0.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://developer.a-blogcms.jp/blog/news/security-202202.html
https://jvn.jp/en/jp/JVN14706307/index.html
https://developer.a-blogcms.jp/blog/news/security-202202.html
https://jvn.jp/en/jp/JVN14706307/index.html