Reflected XSS Vulnerability in YzmCMS 7.1
CVE-2024-35110
5.5MEDIUM
Summary
A reflected cross-site scripting (XSS) vulnerability has been identified in YzmCMS version 7.1. This vulnerability resides in the yzmphp/core/class/application.class.php file, allowing logged-in users to be susceptible to malicious links. When these users click on such links, an attacker can capture sensitive information, including session cookies, leading to unauthorized access and potential compromise of their accounts. Web administrators and users should take immediate action to mitigate this risk by ensuring the use of updated software and applying necessary security patches.
References
CVSS V3.1
Score:
5.5
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Unchanged
Timeline
Vulnerability published