Dililearngen

**Name of the Vulnerable Software and Affected Versions** EyouCMS version 1.6.4-UTF8-SP1 **Description** A stored cross-site scripting (XSS) issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the `Menu Name` field at "/login.php?m=admin&c=Index&a=changeTableVal& ajax=1&lang=cn". **Recommendations** For EyouCMS version 1.6.4-UTF8-SP1, consider disabling the `changeTableVal` function in the `/login.php` endpoint until a patch is available. Restrict access to the `Menu Name` field to minimize the risk of exploitation. Avoid using the `/login.php?m=admin&c=Index&a=changeTableVal& ajax=1&lang=cn` endpoint with untrusted input until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** EyouCMS version 1.6.4-UTF8-SP1 **Description** A stored cross-site scripting (XSS) issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the `Field Title` field at "/login.php?m=admin&c=Field&a=arctype add& ajax=1&lang=cn". This enables attackers to potentially manipulate the website's behavior. **Recommendations** For EyouCMS version 1.6.4-UTF8-SP1, consider disabling the `arctype add` functionality in the `/login.php` endpoint until a patch is available to prevent exploitation of the stored XSS vulnerability. Restrict access to the `Field Title` field to minimize the risk of malicious payload injection.