2 matches found
Cross site scripting
A stored cross-site scripting XSS vulnerability in the cms/content/edit component of YZNCMS v1.3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the title parameter...
CVE-2023-43233
YZNCMS v1.3.0 contains a stored XSS in the cms/content/edit component, exploitable by injecting a crafted payload into the title parameter. Root cause: insufficient input validation/output encoding for the title field, enabling arbitrary web scripts/HTML to be stored and later rendered. Impact pe...