CVE-2024-22927 Scanner
CVE-2024-22927 scanner - Cross-Site Scripting (XSS) vulnerability in eyoucms
Short Info
Level
Medium
Single Scan
Single Scan
Can be used by
Asset Owner
Estimated Time
10 seconds
Time Interval
29 days
Scan only one
URL
Toolbox
-
Eyoucms is a content management system used by developers and website administrators for creating and managing web content. It is popular among small to medium-sized businesses for its ease of use and flexibility. Eyoucms allows users to design, develop, and deploy websites with minimal technical expertise. It is commonly used for building blogs, e-commerce sites, and corporate websites. The system provides various plugins and themes to extend its functionality.
The vulnerability detected in eyoucms v.1.6.5 is a Cross-Site Scripting (XSS) flaw. This allows attackers to execute arbitrary scripts in the context of the user's browser. The malicious script can hijack user sessions, deface websites, or redirect users to malicious sites. It poses a significant security risk by enabling attackers to manipulate web content and perform phishing attacks.
The XSS vulnerability is found in the "func" parameter of the eyoucms application. An attacker can craft a malicious URL that, when accessed, executes arbitrary scripts in the victim's browser. The vulnerability resides in the improper sanitization of user input, allowing script injection. This issue is present in the POST request to the endpoint "/login.php?a=get_upload_list&c=Uploadimgnew". The lack of proper input validation and output encoding makes the application susceptible to XSS attacks.
Exploitation of this vulnerability can lead to severe consequences. Attackers can hijack user sessions and gain unauthorized access to sensitive information. They can perform defacement attacks, altering website content to mislead or harm users. Additionally, attackers can use the vulnerability to execute phishing attacks by redirecting users to malicious websites. Overall, this can compromise the integrity and confidentiality of the affected web application and its users.
Join S4E to safeguard your digital assets with comprehensive vulnerability scanning. Our platform helps you identify and mitigate risks like Cross-Site Scripting (XSS) in eyoucms, ensuring the security of your web applications. Gain insights into potential vulnerabilities, receive detailed remediation steps, and maintain the integrity of your online presence. Sign up now to leverage advanced security tools and protect your business from cyber threats.
References: