Cross Site Scripting Vulnerability in EyouCMS v1.6.4 by Eyou
CVE-2023-46935
5.4MEDIUM
Summary
EyouCMS version 1.6.4 contains a vulnerability that allows attackers to exploit Cross Site Scripting (XSS) flaws. This security weakness can be leveraged to inject malicious scripts into web pages viewed by logged-in users. If successful, this could allow attackers to capture sensitive information such as session tokens or user data, potentially compromising user accounts and leading to unauthorized access. It is essential for users to apply security patches and follow best practices to mitigate risks associated with this vulnerability.
References
CVSS V3.1
Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved