AcuToWeb - XSS (CVE-2024-42852)
32Exploiting IPs reported
Cross Site Scripting vulnerability in AcuToWeb server v.10.5.0.7577C8b allows a remote attacker to execute arbitrary code via the index.php component.
CrowdSec analysis
CVE-2024-42852 is a cross-site scripting (XSS) vulnerability in AcuToWeb server version 10.5.0.7577C8b, specifically affecting the index.php component. This flaw allows remote attackers to inject and execute arbitrary code in the context of a user's browser session, potentially leading to data theft or session hijacking through malicious scripts.
CrowdSec has been tracking this vulnerability and its exploits since 24th of July 2025.
CrowdSec network observations suggest that most exploitation of CVE-2024-42852 involves focused reconnaissance to identify viable targets. Attackers typically tailor their campaigns based on system exposure and configuration. It is unlikely that a given attack is accidental. Additionally, according to week-over-week analysis by CrowdSec, exploitation of CVE-2024-42852 is surging. Attack volumes are spiking well above historical norms, indicating widespread and escalating interest from threat actors. CVE-2024-42852 is currently experiencing high visibility and active exploitation across the internet.
Attackers exploit the portgw query parameter to inject XSS payloads, enabling arbitrary JavaScript execution in browsers visiting the vulnerable AcuToWeb endpoint.
Exploitation
Get real-time information about exploitation attempts and actors involved.
Common Weakness Enumeration (CWE)
Protection
Find out relevant information to protect your stack against this CVE.
Blocklist
With our advanced worldwide network detection, CrowdSec can provide a list of IPs known for exploiting the vulnerability.
To increase your protection against this CVE, block exploitation attempts with this list of identified actors.