Cross Site Scripting Vulnerability in EyouCMS by Weng Xianhu
CVE-2024-23032

6.1MEDIUM

Key Information:

Vendor

Eyoucms

Status
Eyoucms
Vendor
CVE Published:
1 February 2024

What is CVE-2024-23032?

A Cross Site Scripting (XSS) vulnerability exists in EyouCMS version 1.6.5, where an attacker can exploit the 'num' parameter to execute arbitrary code through a specially crafted URL. This vulnerability poses a risk as it allows remote attackers to inject malicious scripts into trusted web applications, potentially compromising sensitive user data and application integrity.

References

https://github.com/weng-xianhu/eyoucms/issues/57

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.