CVE-2023-31862

MEDIUM

jizhicms 2.4.6 - Stored Cross-Site Scripting via Article Content

Title source: llm
STIX 2.1

Description

jizhicms v2.4.6 is vulnerable to Cross Site Scripting (XSS). The content of the article published in the front end is only filtered in the front end, without being filtered in the background, which allows attackers to publish an article containing malicious JavaScript scripts by modifying the request package.

References (1)

Core 1
Core References
Exploit, Issue Tracking, Third Party Advisory
https://github.com/Cherry-toto/jizhicms/issues/86

Scores

CVSS v3 5.4
EPSS 0.0034
EPSS Percentile 26.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-79
Status published
Products (1)
jizhicms/jizhicms 2.4.6
Published May 19, 2023
Tracked Since Feb 18, 2026