A reflected cross-site scripting (XSS) vulnerability in the component dl_liuyan_save.php of ZZCMS v2023 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload.
References
| Link | Resource |
|---|---|
| http://zzcms.net | Broken Link |
| https://github.com/gkdgkd123/codeAudit/blob/main/CVE-2024-43005%20ZZCMS2023%E5%8F%8D%E5%B0%84%E5%9E%8BXSS2.md | Broken Link |
Configurations
History
21 Apr 2025, 14:59
| Type | Values Removed | Values Added |
|---|---|---|
| References | () http://zzcms.net - Broken Link | |
| References | () https://github.com/gkdgkd123/codeAudit/blob/main/CVE-2024-43005%20ZZCMS2023%E5%8F%8D%E5%B0%84%E5%9E%8BXSS2.md - Broken Link | |
| First Time |
Zzcms
Zzcms zzcms |
|
| CPE | cpe:2.3:a:zzcms:zzcms:2023:*:*:*:*:*:*:* |
19 Aug 2024, 18:35
| Type | Values Removed | Values Added |
|---|---|---|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 4.7 |
| CWE | CWE-79 |
19 Aug 2024, 13:00
| Type | Values Removed | Values Added |
|---|---|---|
| Summary |
|
16 Aug 2024, 20:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2024-08-16 20:15
Updated : 2025-04-21 14:59
NVD link : CVE-2024-43005
Mitre link : CVE-2024-43005
CVE.ORG link : CVE-2024-43005
JSON object : View
Products Affected
zzcms
- zzcms
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')