PT-2023-11646 · Z Blogphp · Z-Blogphp
Caitoubuo · Published 2023-04-04 · Updated 2023-04-10 · CVE-2020-23327
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
ZblogPHP version 1.0
Description
A Cross Site Scripting issue allows a local attacker to execute arbitrary code via a crafted payload in the title parameter of the module management model.
Recommendations
For ZblogPHP version 1.0, avoid using the title parameter in the module management model until the issue is resolved. As a temporary workaround, consider restricting access to the module management model to minimize the risk of exploitation.
Exploit
Fix
XSS
Affected Products
Z-Blogphp