CVE-2023-42286
There is a PHP file inclusion vulnerability in the template configuration of eyoucms v1.6.4, allowing attackers to execute code or system commands through a carefully crafted malicious payload...
CVE-2023-48881
A stored cross-site scripting (XSS) vulnerability in EyouCMS v1.6.4-UTF8-SP1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Field Title field at /login.php?m=admin&c=Field&a=arctypeadd&ajax=1&lang=cn...
CVE-2023-48882
A stored cross-site scripting (XSS) vulnerability in EyouCMS v1.6.4-UTF8-SP1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Document Properties field at /login.php?m=admin&c=Index&a=changeTableVal&ajax=1&lang=cn...
CVE-2023-46935
eyoucms v1.6.4 is vulnerable to Cross Site Scripting (XSS), which can lead to stealing sensitive information of logged-in users...
CVE-2023-46935
The CVE-2023-46935 entry concerns eyoucms v1.6.4 with a Cross Site Scripting (XSS) vulnerability. Sources in connected documents indicate a stored XSS variant that could allow an attacker to steal sensitive information from logged-in users. The reported impact is confidentiality and user data exp...
GHSA-V4W5-R2XC-7F8H KubePi session fixation attack allows an attacker to hijack a legitimate user session.
Summary: A session fixation attack allows an attacker to hijack a legitimate user session. The attack investigates a flaw in how the online application handles the session ID, especially the susceptible web application. Affected Version: = v1.6.3. Patches: The vulnerability has been fixed in v1.6.4...
GHSA-GQX8-HXMV-C4V4 KubePi may allow unauthorized access to system API
Summary: Unauthorized access refers to the ability to bypass the system's preset permission settings to access some API interfaces. The attack exploits a flaw in how online applications handle routing permissions. Affected Version: = v1.6.3. Patches: The vulnerability has been fixed in v1.6.4...