First published: Tue Sep 07 2021
Eyoucms 1.5.4 lacks sanitization of input data, allowing an attacker to inject malicious code into the `filename` parameter to trigger reflected XSS.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Eyoucms Eyoucms | =1.5.4 | |
CVE-2021-39496 is a vulnerability in Eyoucms 1.5.4 that allows an attacker to inject malicious code into the 'filename' parameter to trigger a Reflected XSS attack.
CVE-2021-39496 has a severity rating of 5.4, which is considered medium.
CVE-2021-39496 affects Eyoucms 1.5.4 by allowing an attacker to inject malicious code into the 'filename' parameter.
To fix CVE-2021-39496 in Eyoucms 1.5.4, you should update to the latest version of the software and ensure that input data is properly sanitized.
More information about CVE-2021-39496 can be found on the GitHub page for the vulnerability (https://github.com/KietNA-HPT/CVE) and the official release page for Eyoucms (https://github.com/eyoucms/eyoucms/releases/tag/v1.5.4).