CVE-2024-44818

Name of the Vulnerable Software and Affected Versions ZZCMS versions 2023 and earlier

Description The issue allows a remote attacker to obtain sensitive information via the HTTP Referer header of the caina.php component. This is a Cross Site Scripting vulnerability, which enables the attacker to gain sensitive information.

Recommendations For ZZCMS versions 2023 and earlier, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the caina.php component to minimize the risk of exploitation. Avoid using the HTTP Referer header in the affected component until the issue is resolved.