CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-48880
https://notcve.org/view.php?id=CVE-2023-48880
A stored cross-site scripting (XSS) vulnerability in EyouCMS v1.6.4-UTF8-SP1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Menu Name field at /login.php?m=admin&c=Index&a=changeTableVal&_ajax=1&lang=cn. Una vulnerabilidad de cross-site scripting (XSS) almacenado en EyouCMS v1.6.4-UTF8-SP1 permite a los atacantes ejecutar script web o HTML arbitrarios a través de un payload manipulado inyectado en el campo Nombre del menú en /login.php?m=admin&c=Index&a= changeTableVal&_ajax=1&lang=cn. • https://github.com/weng-xianhu/eyoucms/issues/52 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-48881
https://notcve.org/view.php?id=CVE-2023-48881
A stored cross-site scripting (XSS) vulnerability in EyouCMS v1.6.4-UTF8-SP1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Field Title field at /login.php?m=admin&c=Field&a=arctype_add&_ajax=1&lang=cn. Una vulnerabilidad de cross-site scripting (XSS) almacenado en EyouCMS v1.6.4-UTF8-SP1 permite a los atacantes ejecutar scripts o HTML arbitrarios a través de un payload manipulado inyectado en el campo Título del campo en /login.php?m=admin&c=Field&a= arctype_add&_ajax=1&lang=cn. • https://github.com/weng-xianhu/eyoucms/issues/53 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-48882
https://notcve.org/view.php?id=CVE-2023-48882
A stored cross-site scripting (XSS) vulnerability in EyouCMS v1.6.4-UTF8-SP1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Document Properties field at /login.php m=admin&c=Index&a=changeTableVal&_ajax=1&lang=cn. Una vulnerabilidad de cross-site scripting (XSS) almacenado en EyouCMS v1.6.4-UTF8-SP1 permite a los atacantes ejecutar scripts web o HTML arbitrarios a través de un payload manipulado inyectado en el campo Propiedades del documento en /login.php m=admin&c=Index&a=changeTableVal&_ajax=1&idioma=cn. • https://github.com/weng-xianhu/eyoucms/issues/54 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2023-46935
https://notcve.org/view.php?id=CVE-2023-46935
eyoucms v1.6.4 is vulnerable Cross Site Scripting (XSS), which can lead to stealing sensitive information of logged-in users. eyoucms v1.6.4 es vulnerable a Cross Site Scripting (XSS), lo que puede conducir al robo de información confidencial de los usuarios que han iniciado sesión. • https://github.com/weng-xianhu/eyoucms/issues/55 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •