CVE-2024-23031

Name of the Vulnerable Software and Affected Versions eyoucms version 1.6.5

Description A Cross Site Scripting (XSS) issue exists in the is water parameter, allowing a remote attacker to execute arbitrary code via a crafted URL. This enables the attacker to potentially steal user data or take control of the user's session.

Recommendations For eyoucms version 1.6.5, consider restricting access to the is water parameter to minimize the risk of exploitation until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.