CrowdSec
5/10CrowdSec Score

idcCMS - XSS (CVE-2024-11587)

Published on21-11-2024
First seen on31-07-2025
CVSS 5.3/10idcCMS - idcCMS

50Exploiting IPs reported

A vulnerability was found in idcCMS 1.60. It has been classified as problematic. This affects the function GetCityOptionJs of the file /inc/classProvCity.php. The manipulation of the argument idName leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

CrowdSec analysis

CVE-2024-11587 is a cross-site scripting vulnerability in idcCMS 1.60, specifically within the GetCityOptionJs function of the /inc/classProvCity.php file. By manipulating the idName argument, remote attackers can inject malicious scripts, potentially leading to unauthorized actions or data exposure for users interacting with the affected component. The exploit is publicly available, increasing the risk of real-world attacks.

CrowdSec has been tracking this vulnerability and its exploits since 24th of July 2025.

Insights from the CrowdSec network reveal that the attackers trying to exploit CVE-2024-11587 are composed of a fairly even mix of opportunistic and targeted actors. Some attackers employ preliminary reconnaissance, while others use indiscriminate scanning. In addition, according to the CrowdSec network, attack volume against CVE-2024-11587 has dipped slightly compared to the previous week. Although still commonly targeted, the decline suggests a cooling-off period. Long-term relevance remains, but attention is waning.

Attackers exploit this vulnerability by injecting XSS payloads into the idName parameter of /read.php, allowing arbitrary JavaScript execution in the victim's browser.

Exploitation

Get real-time information about exploitation attempts and actors involved.

Detected IPs

Discover the IPs that targeted this vulnerability across the CrowdSec Network.

Protection

Find out relevant information to protect your stack against this CVE.

Blocklist

With our advanced worldwide network detection, CrowdSec can provide a list of IPs known for exploiting the vulnerability.

To increase your protection against this CVE, block exploitation attempts with this list of identified actors.