CVE Catalog

CVE-2024-52680

MediumCVSS 6.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.22%

12th percentile - higher than 12% of all known CVEs

Summary

EyouCMS 1.6.7 is vulnerable to Cross Site Scripting (XSS) in /login.php?m=admin&c=System&a=web&lang=cn. An attacker can inject malicious JavaScript code that executes in the victim's browser.

Risk Assessment

The risk includes potential theft of admin session cookies, takeover of the management panel, and unauthorized operations within the CMS.

Recommendation

Immediately update EyouCMS to the latest version and apply input filtering on URL parameters. Additionally, implement Content-Security-Policy headers.

Original NVD description (English source)

EyouCMS 1.6.7 is vulnerable to Cross Site Scripting (XSS) in /login.php?m=admin&c=System&a=web&lang=cn.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS