Unrated severityNVD Advisory· Published Aug 16, 2024· Updated Aug 19, 2024
CVE-2024-43006
CVE-2024-43006
Description
A stored cross-site scripting (XSS) vulnerability exists in ZZCMS2023 in the ask/show.php file at line 21. An attacker can exploit this vulnerability by sending a specially crafted POST request to /user/ask_edit.php?action=add, which includes malicious JavaScript code in the 'content' parameter. When a user visits the ask/show_{newsid}.html page, the injected script is executed in the context of the user's browser, leading to potential theft of cookies, session tokens, or other sensitive information.
Affected products
2Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.