CVE-2024-25559
low-risk
Published 2024-02-15
URL spoofing vulnerability exists in a-blog cms Ver.3.1.0 to Ver.3.1.8. If an attacker sends a specially crafted request, the administrator of the product may be forced to access an arbitrary website when clicking a link in the audit log.
Do I need to act?
-
0.33% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
4
CVSS 4.7/10
Medium
NETWORK
/ LOW complexity
Affected Products (1)
Affected Vendors
References (4)
Vendor Advisory
https://developer.a-blogcms.jp/blog/news/JVN-48966481.html
Third Party Advisory
https://jvn.jp/en/jp/JVN48966481/
Vendor Advisory
https://developer.a-blogcms.jp/blog/news/JVN-48966481.html
Third Party Advisory
https://jvn.jp/en/jp/JVN48966481/
25
/ 100
low-risk
Severity
19/34 · Moderate
Exploitability
1/34 · Minimal
Exposure
5/34 · Minimal