{"id":"CVE-2024-39203","details":"A cross-site scripting (XSS) vulnerability in the Backend Theme Management module of Z-BlogPHP v1.7.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.","modified":"2026-04-10T05:14:15.555067Z","published":"2024-07-08T16:15:08.570Z","references":[{"type":"EVIDENCE","url":"https://github.com/5r1an/CVE-2024-39203/issues/1"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/zblogcn/zblogphp","events":[{"introduced":"0"},{"last_affected":"96a5fcdc3c958268559ec63c8fbd0a60e3c7e1c8"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.7.3.3230"}]}}],"versions":["1.5.0.1525","1.5.0.1525-2","1.5.0.1525-4","1.5.0.1525-5","1.5.0.1525-6","1.5.0.1525-7","1.5.0.1525-8","1626","1740","v1.6.0","v1.6.1","v1.7.0","v1.7.0-2945","v1.7.0-beta","v1.7.1-2960","v1.7.2-3030","v1.7.3-3230"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-39203.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}