CVE-2025-15374

Medium CVSS: 5.1

A vulnerability was detected in EyouCMS up to 1.7.7. The affected element is an unknown function of the file application/home/model/Ask.php of the component Ask Module. Performing a manipulation of the argument content results in cross site scripting. The attack can be initiated remotely. The exploit is now public and may be used. The vendor is "[a]cknowledging the existence of the vulnerability, we have completed the fix and will release a new version, v1.7.8".

Vendor

Eyoucms

Product

Eyoucms

CWE

CWE-79

Yayın Tarihi

2025-12-31 05:16:03

Güncelleme

2026-02-24 07:17:08

Source Identifier

cna@vuldb.com

KEV Date Added

Kategoriler

CWE-79 Eyoucms MEDIUM Eyoucms 2025

Referanslar

https://note-hxlab.wetolink.com/share/LNickWiRaFiF https://note-hxlab.wetolink.com/share/LNickWiRaFiF#-span--strong-proof-of-concept---strong---span- https://vuldb.com/?ctiid.339082 https://vuldb.com/?id.339082 https://vuldb.com/?submit.718480 https://note-hxlab.wetolink.com/share/LNickWiRaFiF https://note-hxlab.wetolink.com/share/LNickWiRaFiF#-span--strong-proof-of-concept---strong---span-

Benzer Kayıtlar

Medium

CVE-2026-1107

A weakness has been identified in EyouCMS up to 1.7.1/5.0. Impacted is the function check_userinfo of the file Diyajax.p…

Medium

CVE-2025-15375

A flaw has been found in EyouCMS up to 1.7.7. The impacted element is the function unserialize of the file application/a…

Medium

CVE-2025-15373

A security vulnerability has been detected in EyouCMS up to 1.7.7. Impacted is the function saveRemote of the file appli…

Medium

CVE-2025-15143

A security flaw has been discovered in EyouCMS up to 1.7.6. The affected element is an unknown function of the file /app…

High

CVE-2025-65868

XML external entity (XXE) injection in eyoucms v1.7.1 allows remote attackers to cause a denial of service via crafted b…

Medium

CVE-2025-52335

EyouCMS 1.7.3 is vulnerale to Cross Site Scripting (XSS) in index.php, which can be exploited to obtain sensitive inform…