{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2026-29840", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-03-24T18:48:50.916Z", "dateReserved": "2026-03-04T00:00:00.000Z", "datePublished": "2026-03-24T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-03-24T15:57:26.091Z"}, "descriptions": [{"lang": "en", "value": "JiZhiCMS v2.5.6 and before contains a Stored Cross-Site Scripting (XSS) vulnerability in the release function within app/home/c/UserController.php. The application attempts to sanitize input by filtering <script> tags but fails to recursively remove dangerous event handlers in other HTML tags (such as onerror in <img> tags). This allows an authenticated remote attacker to inject arbitrary web script or HTML via the body parameter in a POST request to /user/release.html."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "http://www.demo.com/user/release/molds/article.html"}, {"url": "https://gist.github.com/w-p-man/790f51f918499798180a8def3a6fdfb0"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-79", "lang": "en", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-03-24T18:48:32.443179Z", "id": "CVE-2026-29840", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-24T18:48:50.916Z"}}]}, "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-29840", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-24T18:48:32.443179Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-24T18:48:47.135Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "http://www.demo.com/user/release/molds/article.html"}, {"url": "https://gist.github.com/w-p-man/790f51f918499798180a8def3a6fdfb0"}], "descriptions": [{"lang": "en", "value": "JiZhiCMS v2.5.6 and before contains a Stored Cross-Site Scripting (XSS) vulnerability in the release function within app/home/c/UserController.php. The application attempts to sanitize input by filtering <script> tags but fails to recursively remove dangerous event handlers in other HTML tags (such as onerror in <img> tags). This allows an authenticated remote attacker to inject arbitrary web script or HTML via the body parameter in a POST request to /user/release.html."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-03-24T15:57:26.091Z"}}}, "cveMetadata": {"cveId": "CVE-2026-29840", "state": "PUBLISHED", "dateUpdated": "2026-03-24T18:48:50.916Z", "dateReserved": "2026-03-04T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2026-03-24T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:jizhicms:jizhicms:*:*:*:*:*:*:*:*", "matchCriteriaId": "09721DA8-D697-4778-89A7-2B7D804451CD", "versionEndIncluding": "2.5.6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "JiZhiCMS v2.5.6 and before contains a Stored Cross-Site Scripting (XSS) vulnerability in the release function within app/home/c/UserController.php. The application attempts to sanitize input by filtering <script> tags but fails to recursively remove dangerous event handlers in other HTML tags (such as onerror in <img> tags). This allows an authenticated remote attacker to inject arbitrary web script or HTML via the body parameter in a POST request to /user/release.html."}], "id": "CVE-2026-29840", "lastModified": "2026-03-25T20:49:31.147", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-03-24T16:16:30.907", "references": [{"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://www.demo.com/user/release/molds/article.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://gist.github.com/w-p-man/790f51f918499798180a8def3a6fdfb0"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,2.5.6]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "n/a", "source": "cna", "vendor": "n/a"}, "product": "jizhicms", "vendor": "jizhicms"}], "analysis": {"en": {"generated_at": "2026-03-25T23:51:46.113593+00:00", "value": {"mitigation_remediation": ["Apply an updated version of JiZhiCMS that fixes the XSS issue or install the vendor\u2011provided patch.", "If an upgrade cannot be performed immediately, restrict the /user/release.html endpoint to trusted accounts or disable it until remediation is complete.", "Implement stricter input validation on the body parameter, stripping event attributes and script tags before storage.", "Review existing content for malicious payloads and sanitize or remove them.", "Monitor web\u2011server logs for suspicious POST requests to /user/release.html and block offending IP addresses or users."], "summary": {"action": "Apply Patch", "impact": "Stored Cross\u2011Site Scripting allowing script injection"}, "threat_synthesis": {"affected_systems": "JiZhiCMS, particularly versions 2.5.6 and before, are impacted. No additional vendors or products were identified by the CNA. The vulnerability is referenced by the CPE string jizhicms:jizhicms.", "description_and_impact": "This flaw occurs in JiZhiCMS version 2.5.6 and earlier within the release function of the user controller. The input sanitization removes <script> tags but leaves dangerous attributes such as onerror on <img> tags untouched. An authenticated attacker can submit a POST request to /user/release.html with a crafted body that contains malicious JavaScript or HTML, which is then stored and executed in the browser context of any user who views the content, enabling client\u2011side data theft, session hijacking, or page defacement.", "risk_and_exploitability": "The CVSS base score of 5.4 indicates medium severity, while the EPSS score of less than 1% points to a low likelihood of exploitation in the wild. It is not listed in the CISA KEV catalog. Exploitation requires authenticated access to the CMS, limiting the attack surface to privileged users. The primary consequence is that arbitrary client\u2011side code can be injected and executed in the browsers of other logged\u2011in users."}}}}, "created": "2026-03-25T11:48:55.128665+00:00", "title": "Stored XSS in JiZhiCMS Release Function Allows Authenticated Script Injection", "updated": "2026-03-26T12:20:26.988985+00:00", "vendors": ["jizhicms", "jizhicms$PRODUCT$jizhicms"]}