CVE-2022-33122

Name of the Vulnerable Software and Affected Versions eyoucms version 1.5.6

Description A stored cross-site scripting (XSS) issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the URL field under the login page. This enables attackers to potentially steal user data or take control of user sessions.

Recommendations For eyoucms version 1.5.6, consider disabling access to the login page until a patch is available, or restrict the ability to inject payloads into the URL field to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.