CVE-2019-9078
ZZCMS 2019 contains a cross-site scripting (XSS) vulnerability in the inc/stopsqlin.php route, exploitable via the arbitrary user parameter ask.php?do=modify where mixed-case strings like sCrIpT are not blocked. This is documented across multiple sources (CNVD/CNVD-2019-05298 and CVE-2019-9078) w...