Back

CVE-2024-43006

Aug. 16, 2024, 8:15 p.m.

Received
CVE has been recently published to the CVE List and has been received by the NVD.

Products

ZZCMS

  • 2023

Source

cve@mitre.org

Tags

cve@mitre.org
2024-08-16
CVE-2024-43006

CVE-2024-43006 details

Published : Aug. 16, 2024, 8:15 p.m.
Last Modified : Aug. 16, 2024, 8:15 p.m.

Description

A stored cross-site scripting (XSS) vulnerability exists in ZZCMS2023 in the ask/show.php file at line 21. An attacker can exploit this vulnerability by sending a specially crafted POST request to /user/ask_edit.php?action=add, which includes malicious JavaScript code in the 'content' parameter. When a user visits the ask/show_{newsid}.html page, the injected script is executed in the context of the user's browser, leading to potential theft of cookies, session tokens, or other sensitive information.

CVSS Score

1 2 3 4 5 6 7 8 9 10

Weakness

Weakness Name Description

References

URL Source
http://www.zzcms.net/about/download.html cve@mitre.org
https://github.com/gkdgkd123/codeAudit/blob/main/CVE-2024-43006%20ZZCMS2023%E5%82%A8%E5%AD%98%E5%9E%8BXSS.md cve@mitre.org
This website uses the NVD API, but is not approved or certified by it.