CVE-2024-43006

16 Ago 2024

Jose Alexis Correa Valencia
0 Comentarios

Título es

CVE-2024-43006

Vie, 16/08/2024 – 20:15

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2024-43006

Descripción en

A stored cross-site scripting (XSS) vulnerability exists in ZZCMS2023 in the ask/show.php file at line 21. An attacker can exploit this vulnerability by sending a specially crafted POST request to /user/ask_edit.php?action=add, which includes malicious JavaScript code in the 'content' parameter. When a user visits the ask/show_{newsid}.html page, the injected script is executed in the context of the user's browser, leading to potential theft of cookies, session tokens, or other sensitive information.

16/08/2024

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

Pendiente de análisis

Referencias

http://www.zzcms.net/about/download.html

https://github.com/gkdgkd123/codeAudit/blob/main/CVE-2024-43006%20ZZCMS2023%E5%82%A8%E5%AD%98%E5%9E%8BXSS.md

Enviar en el boletín

Off

CVE-2024-43006

CVE-2024-43006

Jose Alexis Correa Valencia