CVE-2024-43005

Name of the Vulnerable Software and Affected Versions ZZCMS version 2023

Description A reflected cross-site scripting (XSS) issue in the dl liuyan save.php component allows attackers to execute arbitrary code in the context of a user's browser by injecting a crafted payload. This enables the execution of malicious scripts, potentially leading to unauthorized actions or data theft.

Recommendations For ZZCMS version 2023, update the dl liuyan save.php component to prevent reflected cross-site scripting attacks, ensuring that user input is properly sanitized to prevent code injection. As a temporary workaround, consider restricting access to the dl liuyan save.php component until a patch is available.