exploitDog

CVE-2023-48881

Опубликовано: 29 нояб. 2023

Источник: nvd

CVSS3: 4.8

EPSS Низкий

Описание

A stored cross-site scripting (XSS) vulnerability in EyouCMS v1.6.4-UTF8-SP1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Field Title field at /login.php?m=admin&c=Field&a=arctype_add&_ajax=1&lang=cn.

Ссылки

https://github.com/weng-xianhu/eyoucms/issues/53
Exploit
Issue Tracking
Third Party Advisory
https://github.com/weng-xianhu/eyoucms/issues/53
Exploit
Issue Tracking
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:eyoucms:eyoucms:1.6.4:*:*:*:*:*:*:*

EPSS

Процентиль: 34%

0.00136

Низкий

4.8 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-2539-c345-jfjh

CVSS3: 4.8

github

больше 1 года назад

A stored cross-site scripting (XSS) vulnerability in EyouCMS v1.6.4-UTF8-SP1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Field Title field at /login.php?m=admin&c=Field&a=arctype_add&_ajax=1&lang=cn.

EPSS

Процентиль: 34%

0.00136

Низкий

4.8 Medium

CVSS3

Дефекты

CWE-79