PT-2024-26322 · Yzmcms · Yzmcms

Hebing123 · Published 2024-05-17 · Updated 2025-06-10 · CVE-2024-35110

CVSS v3.1: 5.5 (Medium)

Vector: AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions

YzmCMS version 7.1

Description

A reflected XSS issue has been found in the yzmphp/core/class/application.class.php file. When logged-in users access a malicious link, their cookies can be captured by an attacker. This could lead to potential data theft and site defacement.

Recommendations

For YzmCMS version 7.1, patch immediately and validate input sanitization to prevent exploitation. As a temporary workaround, consider restricting access to the vulnerable application.class.php file until a patch is available.

Fix

XSS

Weakness Enumeration

Related Identifiers: CVE-2024-35110

Affected Products: Yzmcms