Cross Site Scripting Vulnerability in YzmCMS 7.0 by YzmCMS
CVE-2024-28725

7.1HIGH

Key Information:

Vendor

YzmCMS

Status
Vendor
CVE Published:
6 May 2024

What is CVE-2024-28725?

A Cross Site Scripting (XSS) vulnerability has been identified in YzmCMS version 7.0, which can be exploited by attackers to execute arbitrary code. This issue affects the Ads Management, Carousel Management, and System Settings components, potentially compromising the integrity and security of user data. Prompt action to mitigate this risk is essential for all users of the affected product.

References

CVSS V3.1

Score:
7.1
Severity:
HIGH
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.