CVE-2025-1949 | ZZCMS 2025 URL register_nodb.php $_SERVER[‘PHP_SELF’] cross site scripting

Inserito da Angelo Barbosa | Mar 4, 2025 | CVE

A vulnerability, which was classified as problematic, has been found in ZZCMS 2025. This issue affects some unknown processing of the file /3/ucenter_api/code/register_nodb.php of the component URL Handler. The manipulation of the argument $_SERVER[‘PHP_SELF’] leads to cross site scripting.

The identification of this vulnerability is CVE-2025-1949. The attack may be initiated remotely. Furthermore, there is an exploit available.

CVE-2025-1949 | ZZCMS 2025 URL register_nodb.php $_SERVER[‘PHP_SELF’] cross site scripting

Post correlati

CVE-2024-28126 | Zerochannel 0ch BBS Script 4.00 cross site scripting

CVE-2025-1681 | ThemeMakers Car Dealer Automotive Theme up to 1.6.4 on WordPress authorization

CVE-2024-0771 | Nsasoft Product Key Explorer 4.0.9 Registration Name/Key memory corruption

CVE-2024-53672 | HPE Aruba Networking ClearPass Policy Manager up to 6.11.9/6.12.2 Web-based Management Interface os command injection