Cross-site Scripting in ZKEACMS

2022-05-2600:01:31

Google

osv.dev

0.001 Low

EPSS

Percentile

24.9%

JSON

A cross-site scripting (XSS) vulnerability in /navigation/create?ParentID=%23 of ZKEACMS v3.5.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the ParentID parameter.

CPENameOperatorVersion
zkeacms.publishereq1.5.7.3
zkeacms.publishereq1.0.4
zkeacms.publishereq1.5.4
zkeacms.publishereq1.2.0
zkeacms.publishereq1.5.3
zkeacms.publishereq1.5.7.6
zkeacms.publishereq1.5.7.4
zkeacms.publishereq1.5.5
zkeacms.publishereq1.5.6
zkeacms.publishereq1.5.0

Name	Operator	Version
zkeacms.publisher	eq	1.5.7.3
zkeacms.publisher	eq	1.0.4
zkeacms.publisher	eq	1.5.4
zkeacms.publisher	eq	1.2.0
zkeacms.publisher	eq	1.5.3
zkeacms.publisher	eq	1.5.7.6
zkeacms.publisher	eq	1.5.7.4
zkeacms.publisher	eq	1.5.5
zkeacms.publisher	eq	1.5.6
zkeacms.publisher	eq	1.5.0