CVE Details
Basic Information
| Title | ZCMS Create Article Page cross site scripting |
|---|---|
| Type | cve |
| Published | 2025-07-17T17:32:06.646Z |
| Modified | 2025-07-17T17:32:06.646Z |
Product Information
| Vendor | n/a |
|---|---|
| Product | ZCMS |
| Version | 3.6.0 |
CVSS Information
| Base Score | 5.1 (MEDIUM) |
|---|---|
| Attack Vector | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P |
AI Analysis
| AI Description | A cross-site scripting (XSS) vulnerability in ZCMS 3.6.0 allows remote attackers to inject malicious scripts via the Title argument on the Create Article Page. This could lead to unauthorized actions or data theft. |
|---|---|
| AI Severity | Medium |
| AI Vendor | ZCMS Community |
| AI Product | ZCMS |
| AI Version | 3.6.0 |
| AI Score | 5.1 |
Affected Products
- n/a ZCMS 3.6.0
Additional Information
| CWE List | CWE-79, CWE-94 |
|---|---|
| Source | VulDB |
Description
A vulnerability classified as problematic was found in ZCMS 3.6.0. This vulnerability affects unknown code of the component Create Article Page. The manipulation of the argument Title leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.