CVE-2023-48881

Name of the Vulnerable Software and Affected Versions EyouCMS version 1.6.4-UTF8-SP1

Description A stored cross-site scripting (XSS) issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Field Title field at "/login.php?m=admin&c=Field&a=arctype add& ajax=1&lang=cn". This enables attackers to potentially manipulate the website's behavior.

Recommendations For EyouCMS version 1.6.4-UTF8-SP1, consider disabling the arctype add functionality in the /login.php endpoint until a patch is available to prevent exploitation of the stored XSS vulnerability. Restrict access to the Field Title field to minimize the risk of malicious payload injection.