CVE-2021-39428

Name of the Vulnerable Software and Affected Versions eyoucms version 1.5.4

Description The issue is related to a Cross Site Scripting (XSS) vulnerability in the Users.php file. This vulnerability allows remote attackers to run arbitrary code and gain escalated privilege via the filename for edit users head pic.

Recommendations For eyoucms version 1.5.4, consider restricting access to the edit users head pic functionality until a patch is available, and avoid using the filename variable in this context to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.