idcCMS - XSS (CVE-2024-11587)

CVE-2024-11587 is a cross-site scripting vulnerability in idcCMS 1.60, specifically within the GetCityOptionJs function of the /inc/classProvCity.php file. By manipulating the idName argument, remote attackers can inject malicious scripts, potentially leading to unauthorized actions or data exposure for users interacting with the affected component. The exploit is publicly available, increasing the risk of real-world attacks.

CrowdSec has been tracking this vulnerability and its exploits since 24th of July 2025.

CrowdSec network observations suggest that most exploitation of CVE-2024-11587 involves focused reconnaissance to identify viable targets. Attackers typically tailor their campaigns based on system exposure and configuration. It is unlikely that a given attack is accidental. CrowdSec data also reveals a clear uptick in attacks involving CVE-2024-11587 over the past week. Activity is above the usual baseline, suggesting growing attention from attackers. This may reflect rising awareness, recent exploit releases, or expanded targeting efforts.

Attackers exploit this vulnerability by injecting XSS payloads into the idName parameter of /read.php, allowing arbitrary JavaScript execution in the victim's browser.