First published: Mon May 10 2021(Updated: )
In YzmCMS 5.6, stored XSS exists via the common/static/plugin/ueditor/1.4.3.3/php/controller.php action parameter, which allows remote attackers to upload a swf file. The swf file can be injected with arbitrary web script or HTML.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Yzmcms Yzmcms | =5.6 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.