Cross Site Scripting Vulnerability in YzmCMS 7.0 by YzmCMS
CVE-2024-28725

Currently unrated

Key Information:

Vendor: YzmCMS
Status: YzmCMS
Vendor: CVE Published:; 6 May 2024

What is CVE-2024-28725?

A Cross Site Scripting (XSS) vulnerability has been identified in YzmCMS version 7.0, which can be exploited by attackers to execute arbitrary code. This issue affects the Ads Management, Carousel Management, and System Settings components, potentially compromising the integrity and security of user data. Prompt action to mitigate this risk is essential for all users of the affected product.

References

https://github.com/asenzhenshuai/DongDong/blob/main/yzmcm...

https://github.com/asenzhenshuai/DongDong/issues/1

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 6, 2024
Vulnerability Reserved
Mar 8, 2024