CVE-2022-28522

Name of the Vulnerable Software and Affected Versions ZCMS version v20170206

Description A stored cross-site scripting (XSS) issue was found in ZCMS. The issue is exploited via the index.php endpoint with specific parameters: m=home, c=message, and a=add. This allows for malicious script execution.

Recommendations For ZCMS version v20170206, as a temporary workaround, consider restricting access to the index.php endpoint with the parameters m=home, c=message, and a=add until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.