CVE-2023-2058

🗓️ 14 Apr 2023 14:00:05Reported by VulDBType

cve🔗 web.nvd.nist.gov👁 37 Views🌐 WEB

A vulnerability in EyouCms up to 1.6.2 allows for remote cross site scripting via the /yxcms/index.php file

Reporter	Title	Published	Views	Family All 20
Circl	CVE-2023-2058	14 Apr 202318:25	–	circl
CNNVD	EyouCms 跨站脚本漏洞	14 Apr 202300:00	–	cnnvd
Cvelist	CVE-2023-2058 EyouCms HTTP POST Request cross site scripting	14 Apr 202314:00	–	cvelist
EUVD	EUVD-2023-33584	3 Oct 202520:07	–	euvd
NVD	CVE-2023-2058	14 Apr 202314:15	–	nvd
Tenable Nessus	openSUSE 16 Security Update : kernel (openSUSE-SU-2026:20826-1)	1 Jun 202600:00	–	nessus
Tenable Nessus	SUSE SLES16 Security Update : kernel (SUSE-SU-2026:21860-1)	2 Jun 202600:00	–	nessus
Tenable Nessus	SUSE SLES15 Security Update : kernel (SUSE-SU-2026:2195-1)	3 Jun 202600:00	–	nessus
OSV	OPENSUSE-SU-2026:20826-1 Security update for the Linux Kernel	28 May 202612:58	–	osv
OSV	SUSE-SU-2026:21841-1 Security update for the Linux Kernel	28 May 202611:40	–	osv

NVD

Vulners

Node

eyoucms eyoucmsRange≤1.6.2

[
  {
    "vendor": "n/a",
    "product": "EyouCms",
    "versions": [
      {
        "version": "1.6.0",
        "status": "affected"
      },
      {
        "version": "1.6.1",
        "status": "affected"
      },
      {
        "version": "1.6.2",
        "status": "affected"
      }
    ],
    "modules": [
      "HTTP POST Request Handler"
    ]
  }
]

Source	Link
github	www.github.com/sleepyvv/vul_report/blob/main/EYOUCMS/XSS2.md
vuldb	www.vuldb.com/
vuldb	www.vuldb.com/

Parameter	Position	Path	Description	CWE
web_ico	request body	/yxcms/index.php?r=admin/extendfield/mesedit&tabid=12&id=4	Cross-site scripting via manipulation of the web_ico parameter in a POST request to the endpoint; allows remote attacker to inject script	CWE-79

21 Nov 2024 07:57Current

4.8Medium risk

Vulners AI Score4.8

CVSS 3.12.4 - 6.1

CVSS 23.3

CVSS 32.4

EPSS0.00355

CWE-79