Cross-Site Scripting vulnerability in moziloCMS

Posted date 07/03/2024
3 - Medium
Affected Resources

moziloCMS, version 2.0.


INCIBE has coordinated the publication of a medium-severity vulnerability affecting moziloCMS version 2.0, a simple, easy-to-use content management system (CMS) for users with little knowledge of HTML. The vulnerability was discovered by Juampa Rodríguez.

This vulnerability has been assigned the following code, CVSS v3.1 base score, CVSS vector and CWE vulnerability type:

  • CVE-2024-2245: 5.4 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N | CWE-79.

There is no reported solution at this time.


CVE-2024-2245: Cross-Site Scripting vulnerability in moziloCMS version 2.0. By sending a POST request to the '/install.php' endpoint, a JavaScript payload supplied in the 'username' parameter could be executed.
