CVE-2024-35540

moderate-risk
Published 2024-08-20

A stored cross-site scripting (XSS) vulnerability in Typecho v1.3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.

Do I need to act?

~
8.7% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
!
1 public exploit available
52162
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.0/10 Critical
NETWORK / LOW complexity

Affected Products (2)

Typecho
Typecho

Affected Vendors

Typecho

References (1)

Exploit https://cyberaz0r.info/2024/08/typecho-multiple-vulnerabilities/
47
/ 100
moderate-risk
Severity 30/34 · Critical
Exploitability 10/34 · Low
Exposure 7/34 · Low