Cross Site Scripting Vulnerability in EyouCMS by Weng Xianhu
CVE-2024-23031

6.1MEDIUM

Key Information:

Vendor: Eyoucms
Status: Eyoucms
Vendor: CVE Published:; 1 February 2024

What is CVE-2024-23031?

A Cross Site Scripting (XSS) vulnerability has been identified in the 'is_water' parameter of EyouCMS v.1.6.5, which allows remote attackers to execute arbitrary code through specially crafted URLs. This flaw enables malicious actors to manipulate web content, potentially leading to data theft, session hijacking, or other security breaches. Users of the affected version are advised to apply the necessary patches and follow best security practices to mitigate the risks associated with this vulnerability.

References

https://github.com/weng-xianhu/eyoucms/issues/57

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 1, 2024
Vulnerability Reserved
Jan 11, 2024

Eyoucms

What is CVE-2024-23031?

References

CVSS V3.1

Timeline