CVE-2024-28725

2024-05-0600:00:00

mitre

www.cve.org

cross site scripting

yzmcms

ads management

carousel management

system settings

6.1 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

Cross Site Scripting (XSS) vulnerability in YzmCMS 7.0 allows attackers to run arbitrary code via Ads Management, Carousel Management, and System Settings.

References

github.com/asenzhenshuai/DongDong/blob/main/yzmcms-xss.pdf

github.com/asenzhenshuai/DongDong/issues/1