| 제목 | EyouCMS 1.7.7 Cross Site Scripting |
|---|
| 설명 | A Stored Cross-Site Scripting (XSS) vulnerability exists in EyouCMS ≤1.7.7 Ask (Q&A) module. The application uses htmlspecialchars_decode() function when rendering user-submitted content from the database, which reverses HTML entity encoding and allows malicious scripts to execute. An authenticated attacker can inject XSS payloads through question or answer content that will execute when other users view the page. |
|---|
| 원천 | ⚠️ https://note-hxlab.wetolink.com/share/LNickWiRaFiF |
|---|
| 사용자 | pemic (UID 93604) |
|---|
| 제출 | 2025. 12. 18. AM 08:23 (6 개월 ago) |
|---|
| 모더레이션 | 2025. 12. 30. PM 07:46 (12 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 339082 [EyouCMS 까지 1.7.7 Ask Module Ask.php content 크로스 사이트 스크립팅] |
|---|
| 포인트들 | 20 |
|---|