CVE-2020-23370

Posted on by admin

CVE-2020-23370

In YzmCMS 5.6, stored XSS exists via the common/static/plugin/ueditor/1.4.3.3/php/controller.php action parameter, which allows remote attackers to upload a swf file. The swf file can be injected with arbitrary web script or HTML.

Source: CVE-2020-23370

답글 남기기

이메일 주소는 공개되지 않습니다. 필수 필드는 *로 표시됩니다