Medium Severity CVE-2024-0001
Published: Mar 16, 2024

Cross-Site Scripting in Blog Platform

Xss
Type
6.1
CVSS Score
102
Views
testuser
Author

Description

Reflected XSS vulnerability in the comment system allows attackers to execute malicious JavaScript in victim browsers, potentially stealing session cookies and performing unauthorized actions.

Affected Systems

Blog Platform 2.0-2.3, All browsers

Proof of Concept

Security Warning

This code is provided for educational and research purposes only. Do not use against systems you do not own or have explicit permission to test.

Exploit Code 
<script>alert(document.cookie)</script>

References

Timeline

Discovered: Mar 12, 2024
Published: Mar 15, 2024
Community Rating
4

Login to rate this exploit

Quick Actions
Related Exploits
Critical Magento Windows Server - Xss...
High Nginx WordPress Core - Xss...
Low Oracle Framework - Xss...