Cross Site Scripting Vulnerability in EyouCMS by Weng Xianhu
CVE-2024-23031

6.1MEDIUM

Key Information:

Vendor: Eyoucms
Status: Eyoucms
Vendor: CVE Published:; 1 February 2024

Summary

A Cross Site Scripting (XSS) vulnerability has been identified in the 'is_water' parameter of EyouCMS v.1.6.5, which allows remote attackers to execute arbitrary code through specially crafted URLs. This flaw enables malicious actors to manipulate web content, potentially leading to data theft, session hijacking, or other security breaches. Users of the affected version are advised to apply the necessary patches and follow best security practices to mitigate the risks associated with this vulnerability.

References

https://github.com/weng-xianhu/eyoucms/issues/57

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Feb 1, 2024
Vulnerability Reserved
Jan 11, 2024