CVE-2019-25731

Sažetak

Zuz Music 2.1 contains a persistent cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious JavaScript by submitting crafted contact form data. Attackers can inject script code through the name, subject, and message parameters in POST requests to /gmusic/zuzconsole/___contact, which executes when administrators view messages in the inbox interface.

Reference

https://codecanyon.net/item/zuz-music-advance-music-platform-system/21633476
https://www.exploit-db.com/exploits/46420
https://www.vulncheck.com/advisories/zuz-music-persistent-cross-site-scripting-via-zuzconsole-contact
https://zuz.host/

CVSS

Base:	6.1
Impact:	2.7
Exploitability:	2.8

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
LOW	LOW	NONE

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Zadnje važnije ažuriranje

10-06-2026 - 02:16

Objavljeno

04-06-2026 - 14:16