CVE-2025-1949

Medium CVSS: 5.3

A vulnerability, which was classified as problematic, has been found in ZZCMS 2025. This issue affects some unknown processing of the file /3/ucenter_api/code/register_nodb.php of the component URL Handler. The manipulation of the argument $_SERVER['PHP_SELF'] leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Vendor

Zzcms

Product

Zzcms

CWE

CWE-79

Yayın Tarihi

2025-03-04 19:15:37

Güncelleme

2025-04-23 15:00:45

Source Identifier

cna@vuldb.com

KEV Date Added

Kategoriler

CWE-79 Zzcms MEDIUM Zzcms 2025

Referanslar

https://github.com/Sinon2003/cve/blob/main/zzcms/xss-register_nodb.php.md https://vuldb.com/?ctiid.298541 https://vuldb.com/?id.298541 https://vuldb.com/?submit.508909 https://github.com/Sinon2003/cve/blob/main/zzcms/xss-register_nodb.php.md

Benzer Kayıtlar

Medium

CVE-2025-14837

A vulnerability has been found in ZZCMS 2025. Affected by this issue is the function stripfxg of the file /admin/sitecon…

Medium

CVE-2025-14836

A flaw has been found in ZZCMS 2025. Affected by this vulnerability is an unknown functionality of the file /reg/user_sa…

Medium

CVE-2025-13171

A vulnerability was identified in ZZCMS 2023. This impacts an unknown function of the file /admin/wangkan_list.php. Such…

Critical

CVE-2025-22957

A SQL injection vulnerability exists in the front-end of the website in ZZCMS

Medium

CVE-2025-0565

A vulnerability was found in ZZCMS 2023. It has been rated as critical. Affected by this issue is some unknown functiona…