Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2023-37134: EyouCMS V1.6.3 "Basic Information" module has a storage cross-site vulnerability · Issue #47 · weng-xianhu/eyoucms

A stored cross-site scripting (XSS) vulnerability in the Basic Information module of eyoucms v1.6.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.

CVE
Open in Source
#xss#vulnerability#web#git#java

EyouCMS V1.6.3 “Basic Information” module has a storage cross-site vulnerability
A bug was found. stored xss vulnerability exists.
Only test in the test environment, do not do any illegal operations, now the bug feedback to the manufacturer
Software Link :https://github.com/weng-xianhu/eyoucms
Website : http://www.eyoucms.com/

Insert the poc into the website information module of the background system
Here you can fill in malicious JavaScript code to cause stored xss

Causes stored XSS to steal sensitive information of logged-in users

Poc:<svg/onload=alert(“xss”)>

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE
CVE-2023-6905
CVE
CVE-2023-6903
CVE
CVE-2023-6904
CVE
CVE-2023-3907
CVE