Stored Cross-Site Scripting Vulnerability in EyouCMS by Weng Xianhu
CVE-2023-48880

4.8MEDIUM

Key Information:

Vendor: Eyoucms
Status: Eyoucms
Vendor: CVE Published:; 29 November 2023

Summary

EyouCMS v1.6.4-UTF8-SP1 is impacted by a stored cross-site scripting vulnerability that allows attackers to inject and execute malicious web scripts or HTML. This exploit can occur through the Menu Name field at a specific URL endpoint, potentially compromising the security of affected applications. Proper validation and sanitization measures should be implemented to mitigate this threat.

References

https://github.com/weng-xianhu/eyoucms/issues/52

CVSS V3.1

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Nov 29, 2023
Vulnerability Reserved
Nov 20, 2023