CVE-2014-4710
ZeroCMS 1.0 - Stored Cross-Site Scripting via Full Name Field
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2014-4710. PoCs published by Mayuresh Dani.
AI-analyzed exploit summary This is a technical writeup describing a persistent XSS vulnerability in ZeroCMS 1.0, where unsanitized input in the 'Full Name', 'Email Address', 'Password', or 'Confirm Password' fields is stored in the database and executed when visiting logged-in pages. The writeup includes steps to reproduce the vulnerability and references external analysis.
Description
Cross-site scripting (XSS) vulnerability in zero_user_account.php in ZeroCMS 1.0 allows remote attackers to inject arbitrary web script or HTML via the Full Name field.
Exploits (1)
This is a technical writeup describing a persistent XSS vulnerability in ZeroCMS 1.0, where unsanitized input in the 'Full Name', 'Email Address', 'Password', or 'Confirm Password' fields is stored in the database and executed when visiting logged-in pages. The writeup includes steps to reproduce the vulnerability and references external analysis.