CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2024-35110

A reflected XSS vulnerability has been found in YzmCMS 7.1. The vulnerability exists in yzmphp/core/class/application.class.php: when logged-in users access a malicious link, their cookies can be captured by an attacker.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 40.1%

CVSS Severity

CVSS v3 Score 5.5

References

https://github.com/yzmcms/yzmcms/issues/68
https://github.com/yzmcms/yzmcms/issues/68

Products affected by CVE-2024-35110

Yzmcms » Yzmcms » Version: 7.1

cpe:2.3:a:yzmcms:yzmcms:7.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-35110

Products

Pricing

Contact Us