Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2024-43006

EPSS 0.15% · P36
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2024-43006

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
A stored cross-site scripting (XSS) vulnerability exists in ZZCMS2023 in the ask/show.php file at line 21. An attacker can exploit this vulnerability by sending a specially crafted POST request to /user/ask_edit.php?action=add, which includes malicious JavaScript code in the 'content' parameter. When a user visits the ask/show_{newsid}.html page, the injected script is executed in the context of the user's browser, leading to potential theft of cookies, session tokens, or other sensitive information.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
ZZCMS 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
ZZCMS是中国ZZCMS团队的一套内容管理系统(CMS)。 ZZCMS v2023版本存在安全漏洞,该漏洞源于容易受到储型跨站脚本攻击,允许攻击者发送包含恶意JavaScript代码的POST请求,并在参数中插入该代码。当用户访问页面时,注入的脚本会在用户浏览器环境中执行,从而窃取敏感信息。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-n/a n/a -

II. Public POCs for CVE-2024-43006

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2024-43006

登录查看更多情报信息。

Same Patch Batch · n/a · 2024-08-16 · 15 CVEs total

CVE-2024-43011ZZCMS 安全漏洞
CVE-2024-43042Pluck 安全漏洞
CVE-2024-43009ZZCMS 安全漏洞
CVE-2024-43005ZZCMS 安全漏洞
CVE-2024-25837BlogHub 安全漏洞
CVE-2024-42995Vtiger CRM 安全漏洞
CVE-2024-42994VTiger CRM 安全漏洞
CVE-2024-42634Tenda AC9 安全漏洞
CVE-2024-42637H3C R3010 安全漏洞
CVE-2024-42758DokuWiki 安全漏洞
CVE-2024-42849Silverpeas 安全漏洞
CVE-2024-42638H3C Magic B1ST 安全漏洞
CVE-2024-42850Silverpeas 安全漏洞
CVE-2024-42639H3C GR1100-P 安全漏洞

IV. Related Vulnerabilities

Same product: n/a
Same vendor: n/a

V. Comments for CVE-2024-43006

No comments yet

Leave a comment