2 matches found
CVE-2022-29362
A cross-site scripting XSS vulnerability in /navigation/create?ParentID=%23 of ZKEACMS v3.5.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the ParentID parameter...
CVE-2022-29362
ZKEACMS v3.5.2 contains a Cross-Site Scripting (XSS) vulnerability in the /navigation/create?ParentID=%23 endpoint. The root cause is unsanitized input in the ParentID parameter, allowing attackers to inject arbitrary web scripts or HTML. Impact is cited as enabling script execution in the victim...