CVE-2021-39499: XSS
First published: Tue Sep 07 2021(Updated: )
A Cross-site scripting (XSS) vulnerability in Users in Qiong ICP EyouCMS 1.5.4 allows remote attackers to inject arbitrary web script or HTML via the `title` parameter in bind_email function.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Eyoucms Eyoucms | =1.5.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID?
The vulnerability ID is CVE-2021-39499.
What is the severity of CVE-2021-39499?
The severity of CVE-2021-39499 is medium with a severity value of 6.1.
What is the affected software?
The affected software is Qiong ICP EyouCMS version 1.5.4.
How does CVE-2021-39499 work?
CVE-2021-39499 is a Cross-site scripting (XSS) vulnerability in Users in Qiong ICP EyouCMS 1.5.4 that allows remote attackers to inject arbitrary web script or HTML via the `title` parameter in bind_email function.
Is there a fix for CVE-2021-39499?
Currently, there is no known fix for CVE-2021-39499. It is recommended to update to a newer version of the software when available or apply any patches or mitigations provided by the vendor.
- collector/nvd-index
- vendor/eyoucms
- canonical/eyoucms eyoucms
- version/eyoucms eyoucms/1.5.4