Cross Site Scripting Vulnerability in ZLMediaKit by ZLMedia
CVE-2023-39067

6.1MEDIUM

Key Information:

Vendor: Zlmediakit
Status: Zlmediakit
Vendor: CVE Published:; 11 September 2023

What is CVE-2023-39067?

A Cross Site Scripting vulnerability in ZLMediaKit, specifically in versions 4.0 and 5.0, allows an attacker to inject and execute arbitrary scripts through maliciously crafted URLs. This flaw poses a significant risk as it can be exploited to carry out unauthorized actions in the context of a user’s session, potentially leading to data theft, session hijacking, or other security breaches. Users of the affected versions should consider immediate mitigation measures.

References

https://github.com/Yao-ruo/CVE-ZLMediaKit/blob/main/READM...

https://github.com/Yao-ruo/CVE-FIND/blob/main/CVE-2023-39067

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 11, 2023
Vulnerability Reserved
Jul 25, 2023

CVE-2023-39067 Data

JSON

Zlmediakit

What is CVE-2023-39067?

References

CVSS V3.1

Timeline