3 matches found
CVE-2024-39174
A cross-site scripting XSS vulnerability in the Publish Article function of yzmcms v7.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into a published article...
PT-2024-28378 · Yzmcms · Yzmcms
Name of the Vulnerable Software and Affected Versions: yzmcms version 7.1 Description: A cross-site scripting XSS vulnerability in the Publish Article function allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into a published article. Recommendations: For...
PT-2024-26322 · Yzmcms · Yzmcms
Name of the Vulnerable Software and Affected Versions: YzmCMS version 7.1 Description: A reflected XSS issue has been found in the yzmphp/core/class/application.class.php file. When logged-in users access a malicious link, their cookies can be captured by an attacker. This could lead to potential...