CVE-2024-43005

4.7 MEDIUM

📋 TL;DR

A reflected cross-site scripting (XSS) vulnerability in ZZCMS v2023 allows attackers to inject malicious scripts via the dl_liuyan_save.php component. When exploited, this enables execution of attacker-supplied script in users' browsers, potentially compromising their sessions or stealing sensitive data. Organizations running vulnerable ZZCMS installations are affected.

💻 Affected Systems

Products:
  • ZZCMS
Versions: v2023
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability exists in the default installation of ZZCMS v2023. Any system with the dl_liuyan_save.php component accessible is vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers steal administrator credentials, hijack user sessions, deface websites, or redirect users to malicious sites, leading to complete system compromise and data theft.

🟠 Likely Case

Attackers steal session cookies or authentication tokens, enabling unauthorized access to user accounts and potentially escalating privileges within the CMS.

🟢 If Mitigated

With proper input validation and output encoding, the attack is prevented, though the vulnerable endpoint remains accessible.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The exploit requires crafting a malicious URL with an XSS payload and tricking users into clicking it. Public proof-of-concept code is available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: http://zzcms.net

Restart Required: No

Instructions:

1. Monitor the ZZCMS vendor website for security updates.
2. Apply any available patches immediately.
3. Test the fix in a non-production environment first.

🔧 Temporary Workarounds

Input Validation and Sanitization

all

Implement server-side input validation and output encoding in dl_liuyan_save.php to prevent XSS payloads from executing.

Modify the PHP code to apply htmlspecialchars() or a similar encoding function to user inputs before they are written into the response

Web Application Firewall (WAF) Rules

all

Deploy WAF rules to block XSS payloads targeting the vulnerable endpoint.

Configure WAF to detect and block patterns like <script>, javascript:, and other XSS indicators

🧯 If You Can't Patch

  • Restrict access to dl_liuyan_save.php using network ACLs or authentication requirements
  • Implement Content Security Policy (CSP) headers to mitigate XSS impact

🔍 How to Verify

Check if Vulnerable:

Test by injecting a simple XSS payload like <script>alert('XSS')</script> into parameters processed by dl_liuyan_save.php and checking whether it executes in the browser.

Check Version:

Check ZZCMS version in admin panel or review installation files for version indicators

Verify Fix Applied:

After applying fixes, retest with the same XSS payload to confirm it's properly sanitized and doesn't execute.

📡 Detection & Monitoring

Log Indicators:

  • Unusual GET/POST requests to dl_liuyan_save.php containing script tags or JavaScript code
  • Multiple failed XSS attempts from same IP

Network Indicators:

  • HTTP requests with suspicious parameters containing <script>, javascript:, or encoded payloads

SIEM Query:

source="web_logs" AND uri="*dl_liuyan_save.php*" AND (param="*<script>*" OR param="*javascript:*")
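
The query above matches only literal <script> and javascript: strings. The following added example (not part of the original advisory or of ZZCMS) applies the same check to access-log lines after URL and HTML decoding, so encoded payloads in GET query strings are flagged too, and lists source IPs with repeated attempts. The log lines, the request path and the "msg" parameter name are constructed for illustration.

```python
import html
import re
from collections import Counter
from urllib.parse import unquote_plus, urlsplit

# Constructed sample lines (combined log format). The path prefix and the
# "msg" parameter are hypothetical; the advisory names neither.
SAMPLE_LOG = """\
203.0.113.5 - - [01/Aug/2024:10:00:01 +0000] "GET /dl_liuyan_save.php?msg=hello HTTP/1.1" 200 512
203.0.113.9 - - [01/Aug/2024:10:00:07 +0000] "GET /dl_liuyan_save.php?msg=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 540
203.0.113.9 - - [01/Aug/2024:10:00:09 +0000] "GET /dl_liuyan_save.php?msg=%253Cscript%253Ealert(1)%253C%252Fscript%253E HTTP/1.1" 200 538
198.51.100.2 - - [01/Aug/2024:10:01:00 +0000] "GET /index.php?q=%3Cscript%3E HTTP/1.1" 200 100
198.51.100.7 - - [01/Aug/2024:10:02:00 +0000] "GET /dl_liuyan_save.php?msg=JaVaScRiPt%3Aalert(1) HTTP/1.1" 200 530
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (\S+) HTTP/[\d.]+"')
XSS_RE = re.compile(r"<\s*script|javascript\s*:", re.IGNORECASE)

def fully_decode(value, max_rounds=3):
    """URL- and HTML-decode repeatedly so double-encoded input is normalised."""
    for _ in range(max_rounds):
        decoded = html.unescape(unquote_plus(value))
        if decoded == value:
            break
        value = decoded
    return value

def scan(log_text, endpoint="dl_liuyan_save.php"):
    """Return (ip, decoded_query) for suspicious requests to the endpoint.
    Access logs rarely record POST bodies, so only query strings are checked."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, target = m.groups()
        parts = urlsplit(target)
        if not parts.path.lower().endswith(endpoint):
            continue
        query = fully_decode(parts.query)
        if XSS_RE.search(query):
            hits.append((ip, query))
    return hits

def repeat_sources(hits, threshold=2):
    """Source IPs with at least `threshold` flagged requests."""
    counts = Counter(ip for ip, _ in hits)
    return sorted(ip for ip, n in counts.items() if n >= threshold)

if __name__ == "__main__":
    print(scan(SAMPLE_LOG), repeat_sources(scan(SAMPLE_LOG)))
```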
