CVE-2024-35110

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-35110

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-35110.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-35110

Published

2024-05-17T08:15:06Z

Modified

2025-06-11T10:59:51.361806Z

Summary

[none]

Details

A reflected XSS vulnerability has been found in YzmCMS 7.1. The vulnerability exists in yzmphp/core/class/application.class.php: when logged-in users access a malicious link, their cookies can be captured by an attacker.

References

https://github.com/yzmcms/yzmcms/issues/68

Affected packages

Git / github.com/yzmcms/yzmcms

Affected ranges

Type: GIT
Repo: https://github.com/yzmcms/yzmcms
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

0b8103c4abed5f714a96e75e937511ff528d01f9

Affected versions

v5.*

v5.3.0

v5.8

v6.*

v6.0

v6.1

v6.2

v6.3

v6.6

v6.7

v6.8

v6.9

v7.*

v7.0

v7.1