6 matches found
Cross site scripting
EyouCms v1.6.2 was discovered to contain a reflected cross-site scripting XSS vulnerability via the component /admin/twitter.php?activet...
CVE-2023-41597
EyouCms v1.6.2 was discovered to contain a reflected cross-site scripting XSS vulnerability via the component /admin/twitter.php?activet...
CVE-2023-41597
EyouCms v1.6.2 was discovered to contain a reflected cross-site scripting XSS vulnerability via the component /admin/twitter.php?activet...
CVE-2023-34657
CVE-2023-34657 affects Eyoucms v1.6.2 with a stored XSS vulnerability in the web_recordnum parameter. Attackers can inject arbitrary web scripts/HTML to be executed in the victim’s browser, potentially manipulating the site or accessing user data. The available connected documents consistently de...
CVE-2023-31708
EyouCMS v1.6.2 contains a CSRF vulnerability in the Upload software format function that allows an attacker to execute arbitrary commands when a crafted HTML file is supplied. Documented entries consistently describe the issue as CSRF affecting EyouCMS 1.6.2 with a potential for command execution...
CVE-2023-31708
A Cross-Site Request Forgery CSRF in EyouCMS v1.6.2 allows attackers to execute arbitrary commands via a supplying a crafted HTML file to the Upload software format function...