Vulnerability Database

309,364

Total vulnerabilities in the database

CVE-2022-24374

Cross-site scripting vulnerability in a-blog cms Ver.2.8.x series versions prior to Ver.2.8.75, Ver.2.9.x series versions prior to Ver.2.9.40, Ver.2.10.x series versions prior to Ver.2.10.44, Ver.2.11.x series versions prior to Ver.2.11.42, and Ver.3.0.x series versions prior to Ver.3.0.1 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors. This vulnerability is different from CVE-2022-23916.

  • Published: Feb 24, 2022
  • Updated: Nov 16, 2025
  • CVE: CVE-2022-24374
  • Severity: Medium
  • Exploit:

CVSS v3:

  • Severity: Medium
  • Score: 6.1
  • AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS v2:

  • Severity: Low
  • Score: 4.3
  • AV:N/AC:M/Au:N/C:N/I:P/A:N

CWEs:

OWASP TOP 10:

Software From Fixed in
appleple / a-blog_cms 3.0.0 3.0.0.x
appleple / a-blog_cms 2.11.0 2.11.42
appleple / a-blog_cms 2.10.0 2.10.44
appleple / a-blog_cms 2.9.0 2.9.40
appleple / a-blog_cms 2.8.0 2.8.75