PT-2023-30995 · Eyoucms · Eyoucms
Dililearngen
·
Published
2023-11-29
·
Updated
2023-12-05
·
CVE-2023-48880
CVSS v3.1
4.8
Medium
| Vector | AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
EyouCMS version 1.6.4-UTF8-SP1
Description
A stored cross-site scripting (XSS) issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the
Menu Name field at "/login.php?m=admin&c=Index&a=changeTableVal& ajax=1&lang=cn".Recommendations
For EyouCMS version 1.6.4-UTF8-SP1, consider disabling the
changeTableVal function in the /login.php endpoint until a patch is available. Restrict access to the Menu Name field to minimize the risk of exploitation. Avoid using the /login.php?m=admin&c=Index&a=changeTableVal& ajax=1&lang=cn endpoint with untrusted input until the issue is resolved.Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Eyoucms