Headline
CVE-2023-50566: EyouCMS-V1.6.5-UTF8-SP1 has a stored XSS vulnerability · Issue #56 · weng-xianhu/eyoucms
A stored cross-site scripting (XSS) vulnerability in EyouCMS-V1.6.5-UTF8-SP1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Public Security Registration Number parameter.
Version : V1.6.5
Vulnerability point 1:
“基本信息”->"备案号"&“公安备案号”->"代码模式",HTML code can be edited directly:
Vulnerability point 2:
“广告管理”:
Vulnerability point 3:
In rich text editing, the front end will automatically add http to the hyperlink, but it can be bypassed by capturing the packet:
Delete http://