CVE-2024-50348

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-50348
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-50348.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-50348
Aliases
  • GHSA-f6cf-jg84-fw29
Published
2024-10-29T22:25:19.138Z
Modified
2025-12-05T07:18:05.306420Z
Severity
  • 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
InstantCMS has a Cross Site Scripting Vulnerability
Details

InstantCMS is a free and open source content management system. The photo upload function on the photo album page performs no input validation. As a result, attackers are able to inject an XSS (Cross Site Scripting) payload and have it execute. This vulnerability is fixed in 2.16.3.

Database specific
{
    "cwe_ids": [
        "CWE-79"
    ],
    "cna_assigner": "GitHub_M",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/50xxx/CVE-2024-50348.json"
}
References

Affected packages

Git / github.com/instantsoft/icms2

Affected ranges

Type
GIT
Repo
https://github.com/instantsoft/icms2
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed