First published: Fri Apr 14 2023
A vulnerability was found in EyouCms 1.5.4. It has been classified as problematic. Affected is an unknown function of the file login.php?m=admin&c=Arctype&a=edit of the component New Picture Handler. The manipulation of the argument litpic_loca leads to cross-site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-225942 is the identifier assigned to this vulnerability.
Credit: cna@vuldb.com
Affected Software | Affected Version | How to fix |
---|---|---|
Eyoucms Eyoucms | =1.5.4 | |
The severity of CVE-2023-2057 is medium with a CVSS score of 6.1.
The affected software for CVE-2023-2057 is EyouCms version 1.5.4.
CVE-2023-2057 allows for cross-site scripting (XSS) attacks in EyouCms version 1.5.4.
It is recommended to update EyouCms to a patched version that addresses the vulnerability.
You can find more information about CVE-2023-2057 at the following references: [Reference 1](https://github.com/sleepyvv/vul_report/blob/main/EYOUCMS/XSS1.md), [Reference 2](https://vuldb.com/?ctiid.225942), [Reference 3](https://vuldb.com/?id.225942).