CVE-2024-12348 in jpress

Summary

by MITRE • 12/09/2024

A vulnerability was found in Guizhou Xiaoma Technology jpress 5.1.2. It has been classified as problematic. Affected is the function AttachmentUtils.isUnSafe of the file /commons/attachment/upload of the component Attachment Upload Handler. The manipulation of the argument files[] leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.


Analysis

by VulDB Data Team • 06/05/2025

The vulnerability identified as CVE-2024-12348 resides within Guizhou Xiaoma Technology's jpress 5.1.2 content management system, specifically targeting the AttachmentUtils.isUnSafe function within the Attachment Upload Handler component. This flaw represents a critical security weakness that allows attackers to execute cross-site scripting attacks through manipulated file upload operations. The vulnerability affects the /commons/attachment/upload file path and specifically targets the files[] argument handling mechanism, creating a persistent threat vector for malicious actors seeking to compromise user sessions and execute unauthorized code within victim browsers.

The technical exploitation of this vulnerability occurs through the improper validation and sanitization of file upload parameters within the AttachmentUtils.isUnSafe function. When attackers manipulate the files[] argument during the attachment upload process, they can inject malicious script code that gets executed in the context of other users' browsers. This cross-site scripting vulnerability operates through a remote attack vector, meaning that malicious actors can trigger the exploit without requiring physical access to the target system. The vulnerability's classification as "problematic" indicates that it represents a significant security risk that can be easily leveraged by threat actors for various malicious purposes including session hijacking, data exfiltration, and user impersonation.

The operational impact of this vulnerability extends beyond simple script execution, as it can enable attackers to establish persistent access to affected systems and compromise user data integrity. The fact that this exploit has been publicly disclosed and may be actively used in the wild significantly increases the risk level for organizations running affected jpress versions. The remote exploit capability means that attackers can target users from any location, making this vulnerability particularly dangerous for web applications that handle sensitive user information or business-critical data. This vulnerability directly violates security principles outlined in CWE-79, which addresses cross-site scripting flaws, and aligns with ATT&CK technique T1566.001 for initial access through spearphishing attachments.

Organizations utilizing jpress 5.1.2 must implement immediate mitigations to protect against this vulnerability, including applying the latest security patches from the vendor, implementing robust input validation for file upload operations, and deploying web application firewalls to detect and block malicious file upload attempts. Additional protective measures should include content security policy enforcement, regular security audits of upload handlers, and user education regarding the risks of downloading unknown files. The vulnerability demonstrates the critical importance of proper input sanitization in web applications and highlights the necessity of implementing defense-in-depth strategies to protect against common web application vulnerabilities. Organizations should also consider implementing automated monitoring for suspicious upload activities and establishing incident response procedures to quickly address potential exploitation attempts.
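
One way to implement the input validation and content security policy measures recommended above, as an added example that is not jpress code and assumes nothing about how AttachmentUtils.isUnSafe is written. The class name, method names and the set of allowed types are hypothetical.

```java
import java.util.*;

// Added example (hypothetical names): allowlist-based upload check plus
// response headers that keep a served upload from running as script.
public class UploadPolicy {
    // Extension -> content type the server will use when serving the file.
    // Script-capable formats (html, svg, xml, js) are deliberately absent.
    static final Map<String, String> ALLOWED = Map.of(
        "png", "image/png", "jpg", "image/jpeg", "jpeg", "image/jpeg",
        "gif", "image/gif", "pdf", "application/pdf", "txt", "text/plain");

    // Returns the content type to serve, or empty if the upload is rejected.
    static Optional<String> contentTypeFor(String submittedName) {
        if (submittedName == null) return Optional.empty();
        // Keep only the last path component; clients may send full paths.
        String name = submittedName.substring(
            Math.max(submittedName.lastIndexOf('/'), submittedName.lastIndexOf('\\')) + 1);
        // Reject control characters (including NUL) anywhere in the name.
        if (name.chars().anyMatch(Character::isISOControl)) return Optional.empty();
        int dot = name.lastIndexOf('.');
        if (dot <= 0 || dot == name.length() - 1) return Optional.empty();
        // Only the final extension decides, so "photo.jpg.html" is judged as html.
        String ext = name.substring(dot + 1).toLowerCase(Locale.ROOT);
        return Optional.ofNullable(ALLOWED.get(ext));
    }

    // Headers for serving a stored upload: fixed type, no sniffing, forced
    // download, and a CSP sandbox in case a browser renders it anyway.
    static Map<String, String> serveHeaders(String contentType) {
        Map<String, String> h = new LinkedHashMap<>();
        h.put("Content-Type", contentType);
        h.put("X-Content-Type-Options", "nosniff");
        h.put("Content-Disposition", "attachment");
        h.put("Content-Security-Policy", "default-src 'none'; sandbox");
        return h;
    }

    public static void main(String[] args) {
        // Constructed sample names, as they might arrive in files[].
        String[] samples = {"report.pdf", "logo.PNG", "C:\\tmp\\photo.jpg",
                            "page.html", "drawing.svg", "photo.jpg.html", "noext"};
        for (String s : samples) {
            Optional<String> type = contentTypeFor(s);
            System.out.println(s + " -> "
                + type.map(t -> "accept " + serveHeaders(t)).orElse("reject"));
        }
    }
}
```

The first three sample names are accepted and the last four rejected. An allowlist fails closed on formats nobody thought to list, which a denylist-style check cannot do.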

Responsible

VulDB

Disclosure

12/09/2024

Moderation

accepted

CPE

ready

Exploit

Download

EPSS

0.00360

KEV

no

Activities

very low
