CVE-2024-39174

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-39174

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-39174.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-39174

Published

2024-07-05T18:15:32Z

Modified

2025-06-14T04:02:42.603339Z

Summary

[none]

Details

A cross-site scripting (XSS) vulnerability in the Publish Article function of yzmcms v7.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into a published article.

References

https://github.com/0x1ang/cvepbulic/issues/1

Affected packages

Git / github.com/yzmcms/yzmcms

Affected ranges

Type: GIT
Repo: https://github.com/yzmcms/yzmcms
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

0b8103c4abed5f714a96e75e937511ff528d01f9

Affected versions

v5.*

v5.3.0

v5.8

v6.*

v6.0

v6.1

v6.2

v6.3

v6.6

v6.7

v6.8

v6.9

v7.*

v7.0

v7.1