Vulnerabilities > Zzcms > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-12-18 CVE-2020-20285 Cross-site Scripting vulnerability in Zzcms 2019
There is a XSS in the user login page in zzcms 2019.
network
low complexity
zzcms CWE-79
5.4
5.4
2019-03-07 CVE-2018-17413 Cross-site Scripting vulnerability in Zzcms 8.3
XSS exists in zzcms v8.3 via the /uploadimg_form.php noshuiyin parameter.
network
low complexity
zzcms CWE-79
6.1
6.1
2019-02-24 CVE-2019-9078 Cross-site Scripting vulnerability in Zzcms 2019
zzcms 2019 has XSS via an arbitrary user/ask.php?do=modify parameter because inc/stopsqlin.php does not block a mixed-case string such as sCrIpT.
network
low complexity
zzcms CWE-79
5.4
5.4
2018-09-30 CVE-2018-17798 Path Traversal vulnerability in Zzcms 8.3
An issue was discovered in zzcms 8.3.
network
low complexity
zzcms CWE-22
6.5
6.5
2018-09-30 CVE-2018-17797 Path Traversal vulnerability in Zzcms 8.3
An issue was discovered in zzcms 8.3.
network
low complexity
zzcms CWE-22
6.5
6.5
2018-08-06 CVE-2018-14962 Cross-site Scripting vulnerability in Zzcms 8.3.
zzcms 8.3 has stored XSS related to the content variable in user/manage.php and zt/show.php.
network
low complexity
zzcms CWE-79
5.4
5.4
2018-02-24 CVE-2018-7434 Path Traversal vulnerability in Zzcms 8.2
zzcms 8.2 allows remote attackers to discover the full path via a direct request to 3/qq_connect2.0/API/class/ErrorCase.class.php or 3/ucenter_api/code/friend.php.
network
low complexity
zzcms CWE-22
5.3
5.3