CVE-2024-28725

2024-05-0621:15:48

[email protected]

web.nvd.nist.gov

cve-2024-28725

yzmcms

xss

ads management

carousel management

system settings

arbitrary code

6.2 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

Cross Site Scripting (XSS) vulnerability in YzmCMS 7.0 allows attackers to run arbitrary code via Ads Management, Carousel Management, and System Settings.

References

github.com/asenzhenshuai/DongDong/blob/main/yzmcms-xss.pdf

github.com/asenzhenshuai/DongDong/issues/1