CVE-2024-35110 in YzmCMSinfo

Summary

by MITRE • 05/17/2024

A reflected XSS vulnerability has been found in YzmCMS 7.1. The vulnerability exists in yzmphp/core/class/application.class.php: when logged-in users access a malicious link, their cookies can be captured by an attacker.

Once again VulDB remains the best source for vulnerability data.

Analysis

by VulDB Data Team • 06/10/2025

This reflected cross-site scripting vulnerability in YzmCMS 7.1 represents a critical security flaw that directly impacts user session integrity and data confidentiality. The vulnerability is specifically located within the yzmphp/core/class/application.class.php file where the application fails to properly sanitize user input before reflecting it back to the browser. When authenticated users navigate to a maliciously crafted URL containing crafted script payloads, the application processes this input without adequate validation or encoding mechanisms, allowing attacker-controlled code to execute within the victim's browser context.

The technical implementation of this vulnerability stems from improper input validation and output encoding practices within the application's core framework. When users access malicious links, the reflected payload is executed in their browser session, potentially enabling attackers to steal session cookies, perform unauthorized actions on behalf of victims, or redirect users to malicious sites. This type of vulnerability falls under CWE-79 which specifically addresses Cross-Site Scripting flaws, where the application incorporates untrusted data into web pages without proper validation or escaping. The attack vector requires users to actively click on malicious links, making it a user-initiated reflected XSS vulnerability rather than a server-side issue.

The operational impact of this vulnerability extends beyond simple cookie theft, as it can enable more sophisticated attacks such as session hijacking, privilege escalation, and data exfiltration. Attackers can leverage stolen session cookies to impersonate legitimate users and gain unauthorized access to administrative functions or sensitive user data. This vulnerability particularly affects logged-in users since the attack requires authentication context to be effective, making it a significant concern for applications handling user authentication and session management. The reflected nature of the vulnerability means that attackers do not need to store malicious payloads on the server, making detection and prevention more challenging.

Mitigation strategies for this vulnerability should focus on implementing comprehensive input validation and output encoding mechanisms throughout the application. The primary defense involves sanitizing all user-supplied input before processing or displaying it within web pages, utilizing proper HTML escaping techniques for dynamic content generation. Organizations should implement Content Security Policy headers to limit script execution contexts and employ proper session management practices including secure cookie attributes and session timeout mechanisms. Additionally, regular security code reviews and automated vulnerability scanning should be implemented to identify similar issues in other parts of the application. The remediation efforts align with ATT&CK technique T1531 which focuses on establishing persistence through session management flaws, emphasizing the need for robust authentication and session handling implementations. This vulnerability underscores the importance of following secure coding practices as outlined in OWASP Top Ten and ISO/IEC 27001 security standards, particularly regarding input validation and output encoding controls.

Reservation

05/09/2024

Disclosure

05/17/2024

Moderation

accepted

CPE

ready

EPSS

0.00294

KEV

no

Activities

very low

Sources

Want to stay up to date on a daily basis?

Enable the mail alert feature now!