CVSS: 6.1EPSS: 2%CPEs: 1EXPL: 1CVE-2023-41597
https://notcve.org/view.php?id=CVE-2023-41597
EyouCms v1.6.2 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /admin/twitter.php?active_t. Se descubrió que EyouCms v1.6.2 contiene una vulnerabilidad de Cross-Site Scripting (XSS) Reflejada a través del componente /admin/twitter.php?active_t. • https://github.com/emlog/emlog/issues/238 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-34657
https://notcve.org/view.php?id=CVE-2023-34657
A stored cross-site scripting (XSS) vulnerability in Eyoucms v1.6.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the web_recordnum parameter. Una vulnerabilidad de Cross-Site Scripting (XSS) almacenado en Eyoucms v1.6.2 permite a los atacantes ejecutar scripts web o HTML arbitrarios a través de una carga útil manipulada inyectada en el parámetro "web_recordnum". • https://github.com/weng-xianhu/eyoucms/issues/43 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2023-33492
https://notcve.org/view.php?id=CVE-2023-33492
EyouCMS 1.6.2 is vulnerable to Cross Site Scripting (XSS). • https://github.com/weng-xianhu/eyoucms/issues/42 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1CVE-2023-31708
https://notcve.org/view.php?id=CVE-2023-31708
A Cross-Site Request Forgery (CSRF) in EyouCMS v1.6.2 allows attackers to execute arbitrary commands via a supplying a crafted HTML file to the Upload software format function. • https://github.com/weng-xianhu/eyoucms/issues/41 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2023-2058 – EyouCms HTTP POST Request cross site scripting
https://notcve.org/view.php?id=CVE-2023-2058
A vulnerability was found in EyouCms up to 1.6.2. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /yxcms/index.php?r=admin/extendfield/mesedit&tabid=12&id=4 of the component HTTP POST Request Handler. The manipulation of the argument web_ico leads to cross site scripting. • https://github.com/sleepyvv/vul_report/blob/main/EYOUCMS/XSS2.md https://vuldb.com/?ctiid.225943 https://vuldb.com/?id.225943 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •