CVE-2024-42939

2024-08-2100:00:00

mitre

www.cve.org

cve-2024-42939

cross-site scripting

yzncms v1.4.2

arbitrary web scripts

html

crafted payload

configured remarks text field

EPSS

Percentile

14.7%

JSON

A cross-site scripting (XSS) vulnerability in the component /index/index.html of YZNCMS v1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the configured remarks text field.

References

github.com/tcyba/open_vul/blob/main/yzncms%20has%20a%20storage%20xss%20vulnerability.pdf

EPSS

Percentile

14.7%

JSON

Related for CVELIST:CVE-2024-42939