Vulnerability in N/a

CVE-2026-29840

JiZhiCMS v2.5.6 and before contains a Stored Cross-Site Scripting (XSS) vulnerability in the release function within app/home/c/UserController.php. The application attempts to sanitize input by filtering <script> tags but fails to recursiv…

EPSS: 0.001 (16.3th percentile) — read the EPSS interpretation.

Affected products

  • N/a — versions n/a

References