ByteOS Network

A cross-site scripting (XSS) vulnerability in /navigation/create?ParentID=%23 of ZKEACMS v3.5.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the ParentID parameter.

Vendor-zkea n/a

Product-zkeacms n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2020-20670

Assigner-MITRE Corporation

View Details

Assigner-MITRE Corporation

CVSS Score-8.8||HIGH

EPSS-0.71% / 71.21%

7 Day CHG~0.00%

Published-13 Sep, 2021 | 21:13

Updated-04 Aug, 2024 | 14:22

An arbitrary file upload vulnerability in /admin/media/upload of ZKEACMS V3.2.0 allows attackers to execute arbitrary code via a crafted HTML file.

Vendor-zkea n/a

Product-zkeacms n/a

CWE ID-CWE-434

Unrestricted Upload of File with Dangerous Type