| عنوان | EyouCMS 1.7.7 Cross Site Scripting |
|---|
| الوصف | A Stored Cross-Site Scripting (XSS) vulnerability exists in EyouCMS ≤1.7.7 Ask (Q&A) module. The application uses htmlspecialchars_decode() function when rendering user-submitted content from the database, which reverses HTML entity encoding and allows malicious scripts to execute. An authenticated attacker can inject XSS payloads through question or answer content that will execute when other users view the page. |
|---|
| المصدر | ⚠️ https://note-hxlab.wetolink.com/share/LNickWiRaFiF |
|---|
| المستخدم | pemic (UID 93604) |
|---|
| ارسال | 18/12/2025 08:23 AM (6 أشهر منذ) |
|---|
| الاعتدال | 30/12/2025 07:46 PM (12 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 339082 [EyouCMS حتى 1.7.7 Ask Module Ask.php content البرمجة عبر المواقع] |
|---|
| النقاط | 20 |
|---|