CVE-2024-27680
Description
Flusity-CMS v2.33 is vulnerable to Cross Site Scripting (XSS) in the "Contact form."
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Flusity-CMS v2.33 contains a stored XSS vulnerability in the Contact form, allowing attackers to inject arbitrary JavaScript.
Vulnerability
Flusity-CMS version 2.33 is vulnerable to Cross-Site Scripting (XSS) in the Contact form. The application fails to sanitize user input submitted through the contact form, allowing injection of arbitrary HTML and JavaScript code. This affects all installations running v2.33. [1]
Exploitation
An attacker can exploit this vulnerability by submitting a crafted payload (e.g., ``) via the contact form fields. No authentication is required to submit the form. When an administrator views the submitted contact message in the admin panel, the malicious script executes in their browser within the context of the application. [1]
Impact
Successful exploitation leads to execution of attacker-controlled JavaScript in the browser of any administrator who reviews the contact form submissions. This can result in session theft, defacement, or redirection to malicious sites. The attack is limited to the browser context and does not directly compromise the server. [1]
Mitigation
No official patch or fixed version has been released as of the publication date (2024-03-04). Users should manually sanitize input or disable the contact form until a fix is available. The vendor has not provided a security update. [1]
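The output-encoding side of the manual mitigation above, as an added example that is not Flusity-CMS code: it assumes a PHP code base, and the field names (`name`, `email`, `message`) and function names are hypothetical. Submissions are validated on input, stored as received, and HTML-encoded at the point where the admin view renders them.

```php
<?php
declare(strict_types=1);

// Added example: field and function names are hypothetical, not Flusity-CMS code.

/** Encode untrusted text for an HTML element body or a quoted attribute value. */
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

/** Validate a submission; the text is kept as received and encoded only on output. */
function validate_contact(array $post): ?array
{
    $name    = trim((string) ($post['name'] ?? ''));
    $email   = trim((string) ($post['email'] ?? ''));
    $message = trim((string) ($post['message'] ?? ''));

    // Byte-length bounds keep oversized input out of the database.
    if ($name === '' || strlen($name) > 100) {
        return null;
    }
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }
    if ($message === '' || strlen($message) > 5000) {
        return null;
    }
    return ['name' => $name, 'email' => $email, 'message' => $message];
}

/** Render one stored message for the admin panel with every field encoded. */
function render_admin_row(array $row): string
{
    return '<tr>'
        . '<td>' . e($row['name']) . '</td>'
        . '<td><a href="mailto:' . e($row['email']) . '">' . e($row['email']) . '</a></td>'
        . '<td>' . nl2br(e($row['message'])) . '</td>' // encode first, then add <br>
        . '</tr>';
}

// Constructed sample submission containing markup characters.
$row = validate_contact([
    'name'    => 'Test <b>User</b>',
    'email'   => 'user@example.com',
    'message' => "Line one & \"two\"\n<i>markup</i>",
]);
if ($row !== null) {
    echo render_admin_row($row), PHP_EOL; // markup appears as &lt;b&gt;...&lt;/b&gt; text
}
```

Encoding at render time also covers messages that were stored before any input validation was added.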
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Flusity-CMS/Flusity-CMS (description)
- Range: =2.33
Patches
No patches discovered yet.
References
News mentions
No linked articles in our index yet.