CNNVD-202507-2326 Information

CNNVD ID

CNNVD-202507-2326

Related CVE

CVE-2025-7748

• CNNVD Published: 2025-07-17

Description (Chinese)

ZVING ZCMS（泽元网站内容管理系统）是中国泽元软件（ZVING）公司的一款企业级网站内容管理软件。 ZVING ZCMS 3.6.0版本存在代码注入漏洞，该漏洞源于组件Create Article Page中参数Title处理不当，可能导致跨站脚本攻击。

Description (English)

ZVING ZCMS (Zewon Content Management System) is an enterprise-level content management software for Zewon Software, China. Version ZVING ZCMS 3.6.0 contains a code-injecting loophole, which stems from the inappropriate handling of the parameter Title in component Create Article Page, which may result in a cross-site script attack.

Hazard Level

Critical

Vulnerability Type

代码注入

Affected Vendor

泽元软件

Published

2025-07-17

Last Modified

2026-02-24

References

https://github.com/falling-snow1/CVE2/ https://vuldb.com/?ctiid.316738 https://vuldb.com/?id.316738 https://vuldb.com/?submit.615488