Cross Site Scripting Vulnerability in EyouCMS Up to Version 1.7.7
CVE-2025-15374

5.1 MEDIUM

Key Information:

Vendor

EyouCMS

Status
Vendor
CVE Published: 31 December 2025

Badges

👾 Exploit Exists
🟡 Public PoC

What is CVE-2025-15374?

A cross-site scripting (XSS) vulnerability exists in EyouCMS, in the Ask module's Ask.php file. It can be triggered by manipulating the 'content' argument within the application. Remote attackers can exploit this weakness, potentially compromising user data and website integrity. The vendor is aware of the issue and has indicated that a fix will be issued in version 1.7.8.

Affected Version(s)

EyouCMS 1.7.0

EyouCMS 1.7.1

EyouCMS 1.7.2

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component of weaponization, which could lead to ransomware.

References

CVSS V4

Score: 5.1
Severity: MEDIUM
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: Unknown

Timeline

  • 🟡 Public PoC available

  • 👾 Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

pemic (VulDB User)