Cross Site Scripting Vulnerability in ZZCMS by ZZCMS Inc.
CVE-2024-11130

4.8MEDIUM

Key Information:

Vendor

Zzcms

Status
Zzcms
Vendor
CVE Published:
12 November 2024

What is CVE-2024-11130?

A cross site scripting vulnerability has been identified in the ZZCMS platform affecting its /admin/msg.php functionality. This issue arises from improper validation of user input in the 'keyword' argument, enabling attackers to inject and execute malicious scripts in the context of users’ browsers. As a result, this vulnerability can be exploited remotely, allowing unauthorized access to sensitive user data. The exploit has been publicly acknowledged, which raises concerns for web application security and demands urgent attention from users operating on affected versions.

References

https://vuldb.com/?id.283976
https://vuldb.com/?ctiid.283976
https://vuldb.com/?submit.439699

CVSS V3.1

Score:
4.8
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

.