4 matches found
CVE-2024-43006
A stored cross-site scripting XSS vulnerability exists in ZZCMS2023 in the ask/show.php file at line 21. An attacker can exploit this vulnerability by sending a specially crafted POST request to /user/askedit.php?action=add, which includes malicious JavaScript code in the 'content' parameter. Whe...
CVE-2024-43006
A stored cross-site scripting XSS vulnerability exists in ZZCMS2023 in the ask/show.php file at line 21. An attacker can exploit this vulnerability by sending a specially crafted POST request to /user/askedit.php?action=add, which includes malicious JavaScript code in the 'content' parameter. Whe...
CVE-2024-43006
ZZCMS2023 contains a stored XSS in /user/ask_edit.php?action=add via the content parameter. When an attacker injects JavaScript in content and a user loads ask/show_{newsid}.html, the script runs in the user’s browser, potentially stealing cookies or session tokens. Affected component: ZZCMS2023,...
CVE-2024-43006
A stored cross-site scripting XSS vulnerability exists in ZZCMS2023 in the ask/show.php file at line 21. An attacker can exploit this vulnerability by sending a specially crafted POST request to /user/askedit.php?action=add, which includes malicious JavaScript code in the 'content' parameter. Whe...