CVE-2020-20285
MEDIUM NUCLEIZzcms - XSS
Title source: ruleDescription
There is a XSS in the user login page in zzcms 2019. Users can inject js code by the referer header via user/login.php
Nuclei Templates (1)
ZZcms - Cross-Site Scripting
MEDIUMVERIFIEDby edoardottt
FOFA:
zzcms
Scores
CVSS v3
5.4
EPSS
0.0607
EPSS Percentile
90.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (1)
zzcms/zzcms
2019
Published
Dec 18, 2020
Tracked Since
Feb 18, 2026