A cross-site scripting (XSS) vulnerability in /navigation/create?ParentID=%23 of ZKEACMS v3.5.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the ParentID parameter.
References
Link | Resource |
---|---|
https://github.com/SeriaWei/ZKEACMS/issues/457 | Exploit Issue Tracking Patch Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2022-05-25T00:01:06
Updated: 2022-05-25T00:00:58
Reserved: 2022-04-16T00:00:00
Link: CVE-2022-29362
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-05-25T01:15:07.320
Modified: 2022-06-03T17:43:46.160
Link: CVE-2022-29362
JSON object: View
Redhat Information
No data.
CWE