8 matches found
CVE-2022-28522
ZCMS v20170206 was discovered to contain a stored cross-site scripting XSS vulnerability via index.php?m=home&c=message&a=add...
CVE-2022-28521
ZCMS v20170206 was discovered to contain a file inclusion vulnerability via index.php?m=home&c=home&a=spsetconfig...
Design/Logic Flaw
ZCMS v20170206 was discovered to contain a file inclusion vulnerability via index.php?m=home&c=home&a=spsetconfig...
Cross site scripting
ZCMS v20170206 was discovered to contain a stored cross-site scripting XSS vulnerability via index.php?m=home&c=message&a=add...
CVE-2022-28522
ZCMS v20170206 was discovered to contain a stored cross-site scripting XSS vulnerability via index.php?m=home&c=message&a=add...
CVE-2022-28522
ZCMS v20170206 contains a stored XSS vulnerability in index.php?m=home&c=message&a=add. The root cause is a stored cross-site scripting flaw in the message add endpoint, allowing injection that can affect other users. According to the provided sources, the impact is C=L/I=L (partial integrity imp...
CVE-2022-28521
ZCMS v20170206 was discovered to contain a file inclusion vulnerability via index.php?m=home&c=home&a=spsetconfig...
CVE-2022-28521
CVE-2022-28521 affects ZCMS v20170206 (thinkphp-zcms). The vulnerability is a file inclusion flaw in index.php?m=home&c=home&a=sp_set_config that can lead to arbitrary code execution. Several sources (NVD, CNVD/CNNVD, Red Hat, PRION) corroborate the file inclusion risk; exploitation status is not...