idcCMS - XSS (CVE-2024-11587)

CVE-2024-11587 is a cross-site scripting vulnerability in idcCMS 1.60, specifically within the GetCityOptionJs function of the /inc/classProvCity.php file. By manipulating the idName argument, remote attackers can inject malicious scripts, potentially leading to unauthorized actions or data exposure for users interacting with the affected component. The exploit is publicly available, increasing the risk of real-world attacks.

CrowdSec has been tracking this vulnerability and its exploits since 24th of July 2025.

Data from the CrowdSec community indicates that exploitation of CVE-2024-11587 is highly selective and intelligence-driven. Threat actors use advanced reconnaissance and carefully choose their targets, often as part of sophisticated campaigns or advanced persistent threat operations. Additionally, according to week-over-week analysis by CrowdSec, exploitation of CVE-2024-11587 is surging. Attack volumes are spiking well above historical norms, indicating widespread and escalating interest from threat actors. CVE-2024-11587 is currently experiencing high visibility and active exploitation across the internet.

Attackers exploit this vulnerability by injecting XSS payloads into the idName parameter of /read.php, allowing arbitrary JavaScript execution in the victim's browser.