CVE-2023-6439 LOW

CVE-2023-6439: ZenTao PMS cross site scripting

Vendor N/A

Product ZenTao PMS

Weakness CWE-79 · XSS

Published November 30, 2023

Last update August 2, 2024

View on NVD All CVEs

CVSS base score

3.5/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction Required

Confidentiality None

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

What the vulnerability does

01Description

A vulnerability classified as problematic was found in ZenTao PMS 18.8. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-246439.

Key dates

02Disclosure timeline

November 30, 2023 CVE published

August 2, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-6439 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2023-53953 WebsiteBaker 2.13.3 Stored Cross-Site Scripting via Page Creation CVE-2025-32552 WordPress MSRP (RRP) Pricing for WooCommerce Plugin <= 1.8.1 - Reflected Cross Site Scripting (XSS) vulnerability CVE-2026-1841 PixelYourSite <= 11.2.0 - Unauthenticated Stored Cross-Site Scripting CVE-2025-47977 Nuance Digital Engagement Platform Spoofing Vulnerability CVE-2024-4647 Campcodes Complete Web-Based School Management System student_first_payment.php cross site scripting