GHSA-43p9-cg2h-73x3
GitHub Security Advisory
⚠ Unreviewed
MODERATE
Has CVE
Advisory Details
A stored cross-site scripting (XSS) vulnerability exists in ZZCMS2023 in the ask/show.php file at line 21. An attacker can exploit this vulnerability by sending a specially crafted POST request to /user/ask_edit.php?action=add, which includes malicious JavaScript code in the 'content' parameter. When a user visits the ask/show_{newsid}.html page, the injected script is executed in the context of the user's browser, leading to potential theft of cookies, session tokens, or other sensitive information.
Related CVEs
Key Information
5.0
/10
Dataset
Last updated: June 16, 2025 6:25 AM
Data from GitHub Advisory Database. This information is provided for research and educational purposes.