First published: Wed Aug 18 2021
A Cross Site Scripting (XSS) vulnerability exists in Eyoucms v1.4.7 and earlier via the addonfieldext parameter.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Eyoucms Eyoucms | <=1.4.7 | |
CVE-2020-28146 is a Cross Site Scripting (XSS) vulnerability in Eyoucms v1.4.7 and earlier versions.
The XSS vulnerability in Eyoucms occurs due to improper sanitization of user-supplied input in the addonfieldext parameter.
The severity of CVE-2020-28146 is medium with a CVSS score of 6.1.
To fix the XSS vulnerability in Eyoucms, update to a version higher than 1.4.7.
More information about CVE-2020-28146 can be found in the references provided: [GitHub issue](https://github.com/eyoucms/eyoucms/issues/12), [Exploit-DB](https://www.exploit-db.com/exploits/48530), [Eyoucms Advisory](https://www.eyoucms.com/ask/list_1_0/4511.html).