How severe is CVE-2024-5851?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 3.5 out of 10.

What type of vulnerability is CVE-2024-5851?

This is classified as CWE-80, which is a common weakness in software security.

CVE-2024-5851 - MEDIUM Severity | CVSS 3.5

Vulnerability Description

A vulnerability classified as problematic has been found in playSMS up to 1.4.7. Affected is an unknown function of the file /index.php?app=main&inc=feature_schedule&op=list of the component SMS Schedule Handler. The manipulation of the argument name/message leads to basic cross site scripting. It is possible to launch the attack remotely. Upgrading to version 1.4.8 is able to address this issue. The name of the patch is 7a88920f6b536c6a91512e739bcb4e8adefeed2b. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-267912. NOTE: The code maintainer was contacted early about this disclosure and was eager to prepare a fix as quickly as possible.

Related Vulnerabilities

CVE-2020-5283

LOW

CVSS:3.5(Low)

ViewVC before versions 1.1.28 and 1.2.1 has a XSS vulnerability in CVS show_subdir_lastmod support. The impact of this vulnerability is mitigated by the need for an attacker to have commit privileges ...

CWE-802020

CVE-2025-29431

LOW

CVSS:3.2(Low)

Code-projects Online Class and Exam Scheduling System V1.0 is vulnerable to Cross Site Scripting (XSS) in /pages/department.php via the id, code, and name parameters.

CWE-802025

CVE-2024-51472

LOW

CVSS:3.1(Low)

IBM UrbanCode Deploy (UCD) 7.2 through 7.2.3.13, 7.3 through 7.3.2.8, and IBM DevOps Deploy 8.0 through 8.0.1.3 are vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary...

CWE-802024

CVE-2025-29430

MEDIUM

CVSS:4.1(Medium)

Code-projects Online Class and Exam Scheduling System V1.0 is vulnerable to Cross Site Scripting (XSS) in /pages/room.php via the id and rome parameters.

CWE-802025

CVE-2024-34398

MEDIUM

CVSS:4.2(Medium)

An issue was discovered in BMC Remedy Mid Tier 7.6.04. The web application allows stored HTML Injection by authenticated remote attackers.

CWE-802024

CVE-2023-45053

MEDIUM

CVSS:4.3(Medium)

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in pluginever WP Content Pilot – Autoblogging & Affiliate Marketing Plugin allows Code Injection.This issue ...

CWE-802023