Description

A vulnerability was detected in EyouCMS up to 1.7.7. The affected element is an unknown function of the file application/home/model/Ask.php of the component Ask Module. Performing manipulation of the argument content results in cross site scripting. The attack can be initiated remotely. The exploit is now public and may be used. The vendor is "[a]cknowledging the existence of the vulnerability, we have completed the fix and will release a new version, v1.7.8".

Related CPE's

a

eyoucms

eyoucms

Vulnerable

References

https://note-hxlab.wetolink.com/share/LNickWiRaFiF

ExploitThird Party Advisory

https://note-hxlab.wetolink.com/share/LNickWiRaFiF#-span--strong-proof-of-concept---strong---span-

ExploitThird Party Advisory

https://vuldb.com/?ctiid.339082

Permissions RequiredVDB Entry

https://vuldb.com/?id.339082

Third Party AdvisoryVDB Entry

https://vuldb.com/?submit.718480

Third Party AdvisoryVDB Entry

https://note-hxlab.wetolink.com/share/LNickWiRaFiF

ExploitThird Party Advisory

https://note-hxlab.wetolink.com/share/LNickWiRaFiF#-span--strong-proof-of-concept---strong---span-

ExploitThird Party Advisory

Weaknesses

[email protected]

Secondary
CWE-79CWE-94

[email protected]

Primary
CWE-79

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

3.5 · Low

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2025-12-31T04:16:03.670Z

3 weeks ago

Last modified

2026-01-02T14:15:58.870Z

2 weeks ago