CVE Catalog
CVE-2024-52680
MediumCVSS 6.1Exploitation Probability (EPSS)
Low risk0.22%
12th percentile - higher than 12% of all known CVEs
Summary
EyouCMS 1.6.7 is vulnerable to Cross Site Scripting (XSS) in /login.php?m=admin&c=System&a=web&lang=cn. An attacker can inject malicious JavaScript code that executes in the victim's browser.
Risk Assessment
The risk includes potential theft of admin session cookies, takeover of the management panel, and unauthorized operations within the CMS.
Recommendation
Immediately update EyouCMS to the latest version and apply input filtering on URL parameters. Additionally, implement Content-Security-Policy headers.
Original NVD description (English source)
EyouCMS 1.6.7 is vulnerable to Cross Site Scripting (XSS) in /login.php?m=admin&c=System&a=web&lang=cn.

