CVE-2024-44819

Name of the Vulnerable Software and Affected Versions ZZCMS versions 2023 and earlier

Description A Cross Site Scripting issue allows a remote attacker to obtain sensitive information via a crafted script to the pagename parameter of the "admin/del.php" component. This flaw enables the attacker to execute malicious scripts, potentially leading to unauthorized access to sensitive data.

Recommendations For ZZCMS versions 2023 and earlier, consider disabling the pagename parameter in the "admin/del.php" component as a temporary workaround until a patch is available. Restrict access to the admin component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.