CVE-2024-46410 – PublicCMS V4.0.202406.d contains a stored cross... (How to Fix)

📋 TL;DR

PublicCMS V4.0.202406.d contains a stored cross-site scripting (XSS) vulnerability in the Category Management feature. Attackers can inject malicious scripts that execute when administrators view or manage categories. This affects administrators and potentially users who view compromised category pages.

💻 Affected Systems

Products:

PublicCMS

Versions: V4.0.202406.d

Operating Systems: All

Default Config Vulnerable: ⚠️ Yes

Notes: Only affects systems with Category Management feature enabled and accessible to authenticated users.

📦 What is this software?

Publiccms by Publiccms

View all CVEs affecting Publiccms →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Administrator account compromise leading to full CMS takeover, data theft, or website defacement through session hijacking or credential theft.

🟠

Likely Case

Session hijacking of administrator accounts, unauthorized content modification, or client-side data exfiltration from admin panel.

🟢

If Mitigated

Limited impact with proper input validation, output encoding, and Content Security Policy (CSP) headers in place.

🌐 Internet-Facing: MEDIUM

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ✅ No

Complexity: LOW

Exploitation requires authenticated access to Category Management feature. Proof-of-concept code is publicly available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not available

Vendor Advisory: Not available

Restart Required: No

Instructions:

1. Monitor official PublicCMS repositories for security updates
2. Apply any available patches immediately
3. Consider upgrading to newer versions if vulnerability is fixed

🔧 Temporary Workarounds

Input Validation and Output Encoding

all

Implement server-side validation and HTML encoding for all category management inputs

Implement input validation in category management controllers
Apply HTML entity encoding to all user-controlled outputs

Content Security Policy

all

Implement strict CSP headers to prevent script execution from untrusted sources

Add Content-Security-Policy header with script-src 'self'
Consider implementing nonce-based CSP for dynamic content

🧯 If You Can't Patch

Disable or restrict access to Category Management feature for non-essential users
Implement web application firewall (WAF) rules to block XSS payloads in category parameters

🔍 How to Verify

Check if Vulnerable:

Test category management forms with XSS payloads like <script>alert('XSS')</script> and check if script executes

Check Version:

Check PublicCMS version in admin panel or configuration files

Verify Fix Applied:

Retest with same XSS payloads after implementing fixes - scripts should not execute

📡 Detection & Monitoring

Log Indicators:

Unusual category creation/modification events
Requests containing script tags or JavaScript in category parameters
Multiple failed XSS attempts

Network Indicators:

HTTP requests with suspicious payloads in category-related endpoints
Unusual traffic patterns to /admin/category endpoints

SIEM Query:

source="web_logs" AND (uri_path="/admin/category" OR uri_path="/category") AND (http_query CONTAINS "<script>" OR http_query CONTAINS "javascript:")

📊 Metadata

CVE ID: CVE-2024-46410

CVSS v3 Score: 4.8 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

CWE: CWE-79

Published: October 8, 2024

Last Updated: April 23, 2025

🔗 References

https://gitee.com/sanluan/PublicCMS Product
https://github.com/trengh222/publiccms_xss Exploit,Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-46410, you might also want to check these: