Primary

Context

a-blog cms Cross-Site Scripting Vulnerability

Vulnerability

Patched

A cross-site scripting (XSS) vulnerability has been identified in a-blog cms versions prior to 3.1.43 and 3.0.47. This vulnerability exists in a specific field on the entry editing screen, and exploitation requires contributor or higher-level privileges. When exploited, it allows for the execution of arbitrary scripts in the web browser of the logged-in user.

Impact

Exploitation of this vulnerability allows for the execution of arbitrary scripts in the web browser of the user logged into a-blog cms.

Remediation

Users are advised to update a-blog cms to the latest version. For versions 3.1.x and 3.0.x, specific fixed versions are available. Consult the a-blog cms developer site for details on the latest versions. Additionally, a workaround is available by setting 'HOOK_ENABLE' to '1' in 'config.server.php' and modifying 'extension/acms/Hook.php' or 'php/ACMS/User/Hook.php'.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

1.0

impact

1.0

exploitability

5.0

remediation

8.3

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

1.0

impact

1.0

exploitability

5.0

remediation

8.3

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

a-blog cms Cross-Site Scripting Vulnerability

Vulnerability

Impact

Remediation

Affected Products

a-blog cms

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating