Products
ZZCMS
- 2023
Source
cve@mitre.org
CVE-2024-43006 details
Published : Aug. 16, 2024, 8:15 p.m.
Last Modified : Aug. 16, 2024, 8:15 p.m.
Description
A stored cross-site scripting (XSS) vulnerability exists in ZZCMS2023 in the ask/show.php file at line 21. An attacker can exploit this vulnerability by sending a specially crafted POST request to /user/ask_edit.php?action=add, which includes malicious JavaScript code in the 'content' parameter. When a user visits the ask/show_{newsid}.html page, the injected script is executed in the context of the user's browser, leading to potential theft of cookies, session tokens, or other sensitive information.
References
URL | Source |
---|---|
http://www.zzcms.net/about/download.html | cve@mitre.org |
https://github.com/gkdgkd123/codeAudit/blob/main/CVE-2024-43006%20ZZCMS2023%E5%82%A8%E5%AD%98%E5%9E%8BXSS.md | cve@mitre.org |