CVE Details
Basic Information
| Title |
HkCms Search index.html cross site scripting |
| Type |
cve |
| Published |
2025-05-21T00:31:23.395Z |
| Last Seen |
|
CVSS Information
| Base Score |
0.0 () |
| Attack Vector |
|
| Attack Complexity |
|
| Privileges Required |
|
| User Interaction |
|
| Scope |
|
| Confidentiality Impact |
|
| Integrity Impact |
|
| Availability Impact |
|
AI Analysis
| AI Description |
A cross-site scripting (XSS) vulnerability exists in HkCms versions up to 2.3.2.240702, specifically in the search functionality. The issue allows remote attackers to inject malicious scripts via the ‘keyword’ parameter, potentially leading to unauthorized actions or data theft. |
| AI Severity |
Medium |
| Vendor |
HkCms |
| Product |
HkCms |
| Affected Version |
2.3.2.240702 |
Additional Information
| CVE List |
|
| CWE List |
CWE-79, CWE-94 |
| Bulletin Family |
|
Description
A vulnerability, which was classified as problematic, was found in HkCms up to 2.3.2.240702. This affects an unknown part of the file /index.php/search/index.html of the component Search. The manipulation of the argument keyword leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVSS Score Summary
Base Score: %!f(string=#) ()
View Full CVE Details
