
Zhhhy

#18908 of 53,634
14.2 Total CVSS
Vulnerabilities · 2
Medium: 1
High: 1
PT-2021-10387
8.8
2021-12-09
Zzcms · Zzcms · CVE-2020-19682
Name of the Vulnerable Software and Affected Versions: ZZZCMS version 1.7.1
Description: A Cross Site Request Forgery (CSRF) issue exists via the `save user` function in the "save.php" endpoint. This allows for unauthorized actions to be performed on behalf of a user.
Recommendations: For ZZZCMS version 1.7.1, as a temporary workaround, consider disabling the `save user` function in save.php until a patch is available. Restrict access to the save.php endpoint to minimize the risk of exploitation.
PT-2021-10388
5.4
2021-12-09
Zzcms · Zzcms · CVE-2020-19683
Name of the Vulnerable Software and Affected Versions: ZZZCMS version 1.7.1
Description: A Cross Site Scripting (XSS) issue exists via an editfile action in the "save.php" endpoint. This allows for potential malicious script execution.
Recommendations: For ZZZCMS version 1.7.1, consider restricting access to the "save.php" endpoint until a fix is available. As a temporary workaround, avoid using the editfile action in save.php to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.