A xss vulnerability was discovered in yzmcms.
In YzmCMS 5.2, stored XSS exists via the admin/category/edit.html catname parameter, which allows remote attackers to inject arbitrary web script or HTML.
poc
xss payload:
<img src=# onerror=alert(1)>
The text was updated successfully, but these errors were encountered:
Vulnerability description
A xss vulnerability was discovered in yzmcms.
In YzmCMS 5.2, stored XSS exists via the admin/category/edit.html catname parameter, which allows remote attackers to inject arbitrary web script or HTML.
poc
xss payload:
The text was updated successfully, but these errors were encountered: