Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2022-04-10	CVE-2022-27125	Cross-site Scripting vulnerability in Zbzcms 1.0 zbzcms v1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the neirong parameter at /php/ajax.php. network low complexity zbzcms CWE-79	6.1
2022-04-10	CVE-2022-27127	SQL Injection vulnerability in Zbzcms 1.0 zbzcms v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /php/ajax.php. network low complexity zbzcms CWE-89	6.5