2 matches found
CVE-2024-56116
Amiro.CMS is affected by CVE-2024-56116: a Cross-Site Request Forgery flaw in versions prior to 7.8.4 allows remote attackers to create an administrator account. The CVSS‑3.1 vector (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) yields a base score of 8.8 (High). Exploitation is not clearly shown in the p...
CVE-2024-56115
CVE-2024-56115 affects Amiro.CMS prior to 7.8.4. The issue arises from failure to neutralize special elements, enabling cross-site scripting (XSS). Impact is driven by the ability for remote attackers to exploit XSS; CVSSv3.1 base score 6.1 (MEDIUM) with network attack vector, no privileges, user...