CVE-2018-8078
MEDIUMYzmCMS 3.7 - Stored Cross-Site Scripting via Advertisement Title Parameter
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2018-8078. PoCs published by Jx0n0.
AI-analyzed exploit summary This repository documents a stored XSS vulnerability in YZMCMS v3.7, specifically in the advertisement management module. The writeup details how the 'title' parameter is not properly sanitized, allowing arbitrary JavaScript execution when rendered in the admin interface.
Description
YzmCMS 3.7 has Stored XSS via the title parameter to advertisement/adver/edit.html.
Exploits (1)
This repository documents a stored XSS vulnerability in YZMCMS v3.7, specifically in the advertisement management module. The writeup details how the 'title' parameter is not properly sanitized, allowing arbitrary JavaScript execution when rendered in the admin interface.
References (1)
Scores
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N