First published: Thu Jul 06 2023(Updated: )
A stored cross-site scripting (XSS) vulnerability in the custom variables module of eyoucms v1.6.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Eyoucms Eyoucms | =1.6.3 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of CVE-2023-37132 is medium with a CVSS score of 5.4.
CVE-2023-37132 affects eyoucms v1.6.3 through a stored cross-site scripting (XSS) vulnerability in the custom variables module.
Attackers can exploit CVE-2023-37132 by executing arbitrary web scripts or HTML via a crafted payload.
Yes, a fix for CVE-2023-37132 is available. It is recommended to update to a patched version of eyoucms.
More information about CVE-2023-37132 can be found at the following reference: [GitHub Issue](https://github.com/weng-xianhu/eyoucms/issues/45)