Cross Site Scripting (XSS) vulnerability exists in zzcms 2019 XSS via a modify action in user/adv.php.
CVSS Score
6.1
EPSS Score
0.003
Published
2021-12-13
An Incorrect Access Control vulnerability exists in zzcms less than or equal to 2019 via admin.php. After disabling JavaScript, you can directly access the administrator console.
CVSS Score
9.8
EPSS Score
0.009
Published
2021-12-09
A SQL injection vulnerability has been discovered in zz cms version 2019 which allows attackers to retrieve sensitive data via the id parameter on the /dl/dl_print.php page.
CVSS Score
7.5
EPSS Score
0.004
Published
2021-10-14
A SQL injection vulnerability has been discovered in zz cms version 2019 which allows attackers to retrieve sensitive data via the dlid parameter in the /dl/dl_sendmail.php page cookie.
CVSS Score
7.5
EPSS Score
0.004
Published
2021-10-14
A SQL injection vulnerability has been discovered in zz cms version 2019 which allows attackers to retrieve sensitive data via the dlid parameter in the /dl/dl_sendsms.php page cookie.
CVSS Score
7.5
EPSS Score
0.004
Published
2021-10-14
A SQL injection vulnerability has been discovered in zz cms version 2019 which allows attackers to retrieve sensitive data via the component subzs.php.
CVSS Score
7.5
EPSS Score
0.008
Published
2021-10-14
An issue was discovered in zzcms 2019. SQL Injection exists in user/ztconfig.php via the daohang or img POST parameter.
CVSS Score
9.8
EPSS Score
0.004
Published
2021-05-24
There is a XSS in the user login page in zzcms 2019. Users can inject js code by the referer header via user/login.php
CVSS Score
5.4
EPSS Score
0.061
Published
2020-12-18
zzcms 2019 has XSS via an arbitrary user/ask.php?do=modify parameter because inc/stopsqlin.php does not block a mixed-case string such as sCrIpT.
CVSS Score
5.4
EPSS Score
0.002
Published
2019-02-24
Page 3