CVE-2025-1949

Name of the Vulnerable Software and Affected Versions ZZCMS version 2025

Description A problematic issue has been found in the URL Handler component, specifically affecting the /3/ucenter api/code/register nodb.php file. The manipulation of the $ SERVER['PHP SELF'] argument leads to cross-site scripting. This issue can be exploited remotely.

Recommendations For ZZCMS version 2025, consider restricting access to the vulnerable URL Handler component, specifically the /3/ucenter api/code/register nodb.php file, to minimize the risk of exploitation. As a temporary workaround, avoid using the $ SERVER['PHP SELF'] argument in sensitive operations until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.