CVE-2024-26490
Description
A cross-site scripting (XSS) vulnerability in the Addon JD Simple module of flusity-CMS v2.33 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title text field.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Stored XSS in flusity-CMS v2.33 Addon JD Simple module allows arbitrary script execution via crafted Title field.
Vulnerability
The Addon JD Simple module in flusity-CMS v2.33 contains a stored cross-site scripting (XSS) vulnerability in the Title text field. User-supplied input is not sanitized before being stored and later rendered, allowing an attacker to inject arbitrary web scripts or HTML [1].
Exploitation
An attacker must have access to the administrative interface with permissions to manage the JD Simple module. When the attacker submits a payload containing malicious JavaScript or HTML in the Title field, the payload is stored and then executed when any user views the affected page [1].
Impact
Successful exploitation enables the attacker to execute arbitrary scripts in the context of the victim's browser. This can lead to session hijacking, defacement, theft of sensitive data, or further attacks against other users of the CMS [1].
Mitigation
As of the publication date (2024-02-22), no official patch has been released for flusity-CMS v2.33. Administrators should consider disabling the Addon JD Simple module or implementing input sanitization on the Title field as a temporary workaround [1].
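A sketch of the input-sanitization workaround described above, as an added example rather than flusity-CMS code: it validates the Title on the write path and HTML-encodes it on the read path. Python is used only for illustration; the function names, the length limit and the HTML template are assumptions.

```python
import html
import unicodedata

MAX_TITLE_LEN = 120  # assumed limit; not a flusity-CMS setting


class InvalidTitle(ValueError):
    """Raised when a submitted Title is rejected on the write path."""


def clean_title(raw: str) -> str:
    """Validate a Title before it is stored (hypothetical helper)."""
    # NFKC folds look-alikes such as fullwidth '＜' into ASCII '<' before the check.
    text = unicodedata.normalize("NFKC", raw)
    text = " ".join(text.split())  # collapse whitespace runs, trim ends
    # Drop remaining control/format characters (NUL, bidi overrides, zero-width).
    text = "".join(c for c in text if unicodedata.category(c) not in ("Cc", "Cf"))
    if not text or len(text) > MAX_TITLE_LEN:
        raise InvalidTitle(f"title must be 1..{MAX_TITLE_LEN} characters")
    # A title is plain text: reject markup delimiters rather than strip tags.
    if "<" in text or ">" in text:
        raise InvalidTitle("title must not contain markup")
    return text


def render_title(stored: str) -> str:
    """Encode on output, so rows stored before the workaround are also inert."""
    safe = html.escape(stored, quote=True)  # escapes & < > " '
    return f'<h2 class="addon-title" title="{safe}">{safe}</h2>'


# Constructed sample submissions, not taken from the advisory.
SAMPLES = ["  Spring   sale ", "<script>alert(1)</script>", "\uff1cb\uff1ebold"]


def check_samples() -> list:
    """Return (sample, stored value or None if rejected) for each sample."""
    results = []
    for sample in SAMPLES:
        try:
            results.append((sample, clean_title(sample)))
        except InvalidTitle:
            results.append((sample, None))
    return results


if __name__ == "__main__":
    for sample, stored in check_samples():
        print(repr(sample), "->", "rejected" if stored is None else render_title(stored))
```

Output encoding is the control that matters for values already in the database; the input check only stops new markup from being stored.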
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- flusity/CMS
- Range: <=2.33
Patches
No patches discovered yet.
References