CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda

CVE-2023-6905

CVE-2023-6903

CVE-2023-6904

CVE-2023-3907

An issue was discovered in ZZCMS 2021. There is a cross-site scripting (XSS) vulnerability in ad_manage.php.

**ZZCMS2021\_XSS\_1****PoC by rerce&rpsate****ZZCMS the lastest version download page :**

http://www.zzcms.net/about/6.html

software link: https://github.com/Boomingjacob/ZZCMS/raw/main/zzcms2021.zip

**Environmental requirements**

PHP version > = 4.3.0

Mysql version>=4.0.0

**vulnerability code:**

In the file `admin/ad_manage.php` line 18.The variable `$keyword` can be controlled by the `$_REQUEST['keyword']`,then output on line 32 and it not be filtered.

![微信图片_20220119232830](https://user-images.githubusercontent.com/78201553/150162138-4e447143-512b-4a2e-a955-4dee79965266.png)

POC:

1.  First log in to the administrator account.
2.  Visit `http://your-ip/admin/ad_manage.php?keyword=a"><img src=1 onerror='alert(1)'/><"`.
3.  you will see a popup.

![微信图片_20220119232835](https://user-images.githubusercontent.com/78201553/150162365-8362a1ee-aba2-4437-afaf-88ed751d5090.png)

Headline

CVE-2021-46437: ZZCMS2021 has a xss vulnerability · Issue #2 · xunyang1/ZZCMS

CVE: Latest News