CVE-2023-37136

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published Jul 6, 2023

Updated: Jul 11, 2023

CWE ID 79

Summary

CVE-2023-37136 is a stored cross-site scripting (XSS) vulnerability affecting the Basic Website Information module in version 1.6.3 of eyoucms. This issue permits attackers to inject and execute arbitrary web scripts or HTML code by submitting crafted data to the affected application. Successful exploitation of this vulnerability could lead to unintended execution of malicious code in users' browsers or even session hijacking. Therefore, it is crucial for eyoucms users to promptly update to a patched version to mitigate the risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/rz8PRK
https://www.cve.org/CVERecord?id=CVE-2023-37136
https://nvd.nist.gov/vuln/detail/CVE-2023-37136

Back to Vulnerability Database

CVE-2023-37136

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations