In YzmCMS 3.6, index.php has XSS via the a, c, or m parameter.
References
Link | Resource |
---|---|
https://github.com/ponyma233/YzmCMS/blob/master/YzmCMS_3.6_bug.md | Third Party Advisory |
https://www.exploit-db.com/exploits/44405/ | Exploit Third Party Advisory VDB Entry |
https://packetstormsecurity.com/files/147065/YzmCMS-3.6-Cross-Site-Scripting.html | Exploit Third Party Advisory VDB Entry |
Configurations
Information
Published : 2018-03-04 11:29
Updated : 2019-06-10 12:02
NVD link : CVE-2018-7653
Mitre link : CVE-2018-7653
JSON object : View
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Products Affected
yzmcms
- yzmcms