CVE-2023-37136: EyouCMS V1.6.3 "Basic Website Information" module has cross-site storage vulnerability · Issue #49 · weng-xianhu/eyoucms

A stored cross-site scripting (XSS) vulnerability in the Basic Website Information module of eyoucms v1.6.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.


EyouCMS V1.6.3 “Basic Website Information” module has cross-site storage vulnerability
A bug was found. A stored XSS vulnerability exists.
Tested only in a test environment; do not perform any illegal operations. The bug has now been reported to the manufacturer.
Software Link: https://github.com/weng-xianhu/eyoucms
Website: http://www.eyoucms.com/

If you insert the PoC into the Basic Information module of the background system and execute the PoC script, XSS attacks will occur.
Here you can fill in malicious JavaScript code to cause stored XSS.

This causes stored XSS that steals sensitive information of logged-in users.

PoC: <script>alert("xss")</script>
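
A defender-side check for the condition reported above, as an added example that is not part of the issue or of EyouCMS's code: it audits stored site-settings values for markup that would execute if rendered unencoded, and shows the HTML-encoded form that should be emitted instead. The field names and sample rows are constructed and hypothetical, not EyouCMS's schema.

```python
import html
from html.parser import HTMLParser

# Elements and URL attributes that can run script when a stored value is emitted as HTML.
ACTIVE_TAGS = {"script", "iframe", "object", "embed", "svg", "math", "base", "meta", "link"}
URL_ATTRS = {"href", "src", "action", "formaction", "data", "xlink:href"}

class ActiveMarkupFinder(HTMLParser):
    """Collects reasons a stored value is unsafe to emit without output encoding."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag in ACTIVE_TAGS:
            self.findings.append(f"<{tag}> element")
        for name, value in attrs:
            # Drop whitespace so a split or padded URL scheme is still recognised.
            compact = "".join((value or "").split()).lower()
            if name.startswith("on"):
                self.findings.append(f"{name} event handler on <{tag}>")
            elif name in URL_ATTRS and compact.startswith(("javascript:", "data:text/html")):
                self.findings.append(f"script URL in {name} on <{tag}>")

def audit_settings(rows):
    """Return {field: [findings]} for stored values that contain active markup."""
    report = {}
    for field, value in rows.items():
        finder = ActiveMarkupFinder()
        finder.feed(value)
        finder.close()
        if finder.findings:
            report[field] = finder.findings
    return report

def render_safe(value):
    """Encode a stored value for an HTML text or quoted-attribute context."""
    return html.escape(value, quote=True)

# Constructed sample rows; field names are hypothetical. site_title holds the PoC from the report.
SAMPLE_ROWS = {
    "site_name": "Example Co.",
    "site_title": '<script>alert("xss")</script>',
    "site_copyright": 'Copyright &copy; 2023 <a href="/about">Example Co.</a>',
}

if __name__ == "__main__":
    for field, findings in audit_settings(SAMPLE_ROWS).items():
        print(field, findings, "->", render_safe(SAMPLE_ROWS[field]))
```

The audit finds values already stored; the fix is to encode on every output path, since a value saved once in the settings module is rendered to every visitor and administrator who loads a page that includes it.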
