exploitDog

CVE-2024-35110

Опубликовано: 17 мая 2024

Источник: nvd

CVSS3: 5.5

EPSS Низкий

Описание

A reflected XSS vulnerability has been found in YzmCMS 7.1. The vulnerability exists in yzmphp/core/class/application.class.php: when logged-in users access a malicious link, their cookies can be captured by an attacker.

Ссылки

https://github.com/yzmcms/yzmcms/issues/68
Exploit
Issue Tracking
Vendor Advisory
https://github.com/yzmcms/yzmcms/issues/68
Exploit
Issue Tracking
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:yzmcms:yzmcms:7.1:*:*:*:*:*:*:*

EPSS

Процентиль: 51%

0.00276

Низкий

5.5 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-hp4h-jp42-gc6q

CVSS3: 5.5

github

больше 1 года назад

A reflected XSS vulnerability has been found in YzmCMS 7.1. The vulnerability exists in yzmphp/core/class/application.class.php: when logged-in users access a malicious link, their cookies can be captured by an attacker.

EPSS

Процентиль: 51%

0.00276

Низкий

5.5 Medium

CVSS3

Дефекты

CWE-79