Storage Type XSS Vulnerability in EyouCMS by Weng Xianhu
CVE-2023-36093

5.4MEDIUM

Key Information:

Vendor: Eyoucms
Status: Eyoucms
Vendor: CVE Published:; 22 June 2023

What is CVE-2023-36093?

A storage type cross site scripting (XSS) vulnerability has been identified in the filing number section of the Basic Information tab on the backend management page of EyouCMS version 1.6.3. This flaw could allow attackers to inject malicious scripts, potentially compromising user sessions and sensitive data by exploiting unvalidated input fields.

References

https://github.com/weng-xianhu/eyoucms/issues/44

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 22, 2023
Vulnerability Reserved
Jun 21, 2023

Eyoucms

What is CVE-2023-36093?

References

CVSS V3.1

Timeline