First published: Tue Sep 07 2021(Updated: )
A Cross-site scripting (XSS) vulnerability in Users in Qiong ICP EyouCMS 1.5.4 allows remote attackers to inject arbitrary web script or HTML via the `title` parameter in bind_email function.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Eyoucms Eyoucms | =1.5.4 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID is CVE-2021-39499.
The severity of CVE-2021-39499 is medium with a severity value of 6.1.
The affected software is Qiong ICP EyouCMS version 1.5.4.
CVE-2021-39499 is a Cross-site scripting (XSS) vulnerability in Users in Qiong ICP EyouCMS 1.5.4 that allows remote attackers to inject arbitrary web script or HTML via the `title` parameter in bind_email function.
Currently, there is no known fix for CVE-2021-39499. It is recommended to update to a newer version of the software when available or apply any patches or mitigations provided by the vendor.