CVE-2023-2057

A vulnerability was found in EyouCms 1.5.4. It has been classified as problematic. Affected is an unknown function of the file login.php?m=admin&c=Arctype&a=edit of the component New Picture Handler. The manipulation of the argument litpic_loca leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-225942 is the identifier assigned to this vulnerability.

Published: Apr 14, 2023
Updated: Apr 21, 2023
CVE: CVE-2023-2057
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.1
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
eyoucms / eyoucms	1.5.4	1.5.4.x

https://github.com/sleepyvv/vul_report/blob/main/EYOUCMS/XSS1.md
https://vuldb.com/?ctiid.225942
https://vuldb.com/?id.225942

Vulnerability Database

CVE-2023-2057

Deep Security Visibility Without the Complexity