CVE-2023-31862

MEDIUM

jizhicms v2.4.6 - XSS

Title source: llm

Description

jizhicms v2.4.6 is vulnerable to Cross Site Scripting (XSS). The content of the article published in the front end is only filtered in the front end, without being filtered in the background, which allows attackers to publish an article containing malicious JavaScript scripts by modifying the request package.

References (1)

[Exploit, Issue Tracking, Third Party Advisory] https://github.com/Cherry-toto/jizhicms/issues/86

Scores

CVSS v3 5.4

EPSS 0.0011

EPSS Percentile 28.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (1)

jizhicms/jizhicms 2.4.6

Published May 19, 2023

Tracked Since Feb 18, 2026