PT-2024-25772 · Jizhicms · Jizhicms
Yohane-Nlm
·
Published
2024-05-08
·
Updated
2025-06-13
·
CVE-2024-34255
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
jizhicms version 2.5.1
Description
The issue is related to a Cross-Site Scripting (XSS) vulnerability in the message function. This vulnerability allows for the injection of malicious scripts. To prevent exploitation, it is recommended to sanitize user input before output.
Recommendations
For jizhicms version 2.5.1, update to a patched version if available. As a temporary workaround, consider sanitizing user input in the message function to prevent the injection of malicious scripts.
Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Jizhicms