{"id":8285,"date":"2025-07-17T12:52:54","date_gmt":"2025-07-17T12:52:54","guid":{"rendered":"http:\/\/localhost\/?p=8285"},"modified":"2025-07-17T12:52:54","modified_gmt":"2025-07-17T12:52:54","slug":"zcms-create-article-page-cross-site-scripting","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=8285","title":{"rendered":"ZCMS Create Article Page cross site scripting"},"content":{"rendered":"
\n

CVE Details<\/h2>\n
\n
\n

Basic Information<\/h3>\n\n\n\n\n\n
Title<\/th>\nZCMS Create Article Page cross site scripting<\/td>\n<\/tr>\n
Type<\/th>\ncve<\/td>\n<\/tr>\n
Published<\/th>\n2025-07-17T17:32:06.646Z<\/td>\n<\/tr>\n
Modified<\/th>\n2025-07-17T17:32:06.646Z<\/td>\n<\/tr>\n<\/table>\n<\/div>\n
\n

Product Information<\/h3>\n\n\n\n\n
Vendor<\/th>\nn\/a<\/td>\n<\/tr>\n
Product<\/th>\nZCMS<\/td>\n<\/tr>\n
Version<\/th>\n3.6.0<\/td>\n<\/tr>\n<\/table>\n<\/div>\n<\/div>\n
\n

CVSS Information<\/h3>\n\n\n\n
Base Score<\/th>\n5.1 (MEDIUM)<\/td>\n<\/tr>\n
Attack Vector<\/th>\nCVSS:4.0\/AV:N\/AC:L\/AT:N\/PR:L\/UI:P\/VC:N\/VI:L\/VA:N\/SC:N\/SI:N\/SA:N\/E:P<\/td>\n<\/tr>\n<\/table>\n<\/div>\n
\n

AI Analysis<\/h3>\n\n\n\n\n\n\n\n
AI Description<\/th>\nA cross-site scripting (XSS) vulnerability in ZCMS 3.6.0 allows remote attackers to inject malicious scripts via the Title argument on the Create Article Page. This could lead to unauthorized actions or data theft.<\/td>\n<\/tr>\n
AI Severity<\/th>\nMedium<\/td>\n<\/tr>\n
AI Vendor<\/th>\nZCMS Community<\/td>\n<\/tr>\n
AI Product<\/th>\nZCMS<\/td>\n<\/tr>\n
AI Version<\/th>\n3.6.0<\/td>\n<\/tr>\n
AI Score<\/th>\n5.1<\/td>\n<\/tr>\n<\/table>\n<\/div>\n
\n

Affected Products<\/h4>\n