Submit #718480: EyouCMS 1.7.7 Cross Site Scriptinginfo

TitleEyouCMS 1.7.7 Cross Site Scripting
DescriptionA Stored Cross-Site Scripting (XSS) vulnerability exists in EyouCMS ≤1.7.7 Ask (Q&A) module. The application uses htmlspecialchars_decode() function when rendering user-submitted content from the database, which reverses HTML entity encoding and allows malicious scripts to execute. An authenticated attacker can inject XSS payloads through question or answer content that will execute when other users view the page.
Source⚠️ https://note-hxlab.wetolink.com/share/LNickWiRaFiF
User
 pemic (UID 93604)
Submission12/18/2025 08:23 (6 months ago)
Moderation12/30/2025 19:46 (12 days later)
StatusAccepted
VulDB entry339082 [EyouCMS up to 1.7.7 Ask Module Ask.php content cross site scripting]
Points20

PreviousOverviewNext

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!