Headline
CVE-2023-37135: EyouCMS V1.6.3 "Image Upload" module has cross-site storage vulnerability · Issue #48 · weng-xianhu/eyoucms
A stored cross-site scripting (XSS) vulnerability in the Image Upload module of eyoucms v1.6.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
EyouCMS V1.6.3 “Image Upload” module has cross-site storage vulnerability
A bug was found. stored xss vulnerability exists.
Only test in the test environment, do not do any illegal operations, now the bug feedback to the manufacturer.
Software Link :https://github.com/weng-xianhu/eyoucms
Website : http://www.eyoucms.com/
Insert the poc into the picture upload module of the background system to modify the grouping information
Here you can fill in malicious JavaScript code to cause stored xss
Causes stored XSS to steal sensitive information of logged-in users
Poc:<img src=a onerror=alert(‘xss’)>