PatchSiren

Zuz CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

MEDIUM Zuz CVE published 2026-06-04

CVE-2019-25731

CVE-2019-25731 is a persistent cross-site scripting vulnerability in Zuz Music 2.1. The vulnerability allows unauthenticated attackers to inject malicious JavaScript by submitting crafted contact form data. Attackers can inject script code through the name, subject, and message parameters in POST requests to /gmusic/zuzconsole/___contact, which executes when administrators view messages in the inbox inter [truncated]