CVE-2023-2057 LOW

CVE-2023-2057: EyouCms New Picture cross site scripting

Vendor N/A
Product EyouCms
Weakness CWE-79 · XSS
Published April 14, 2023
Last update August 2, 2024
View on NVD All CVEs

CVSS base score

2.4/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction Required
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N

What the vulnerability does

01Description

A vulnerability was found in EyouCms 1.5.4. It has been classified as problematic. Affected is an unknown function of the file login.php?m=admin&c=Arctype&a=edit of the component New Picture Handler. The manipulation of the argument litpic_loca leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-225942 is the identifier assigned to this vulnerability.

Key dates

02Disclosure timeline

April 14, 2023 CVE published
August 2, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2024-4975 code-projects Simple Chat System Message cross site scripting CVE-2025-53497 Stored XSS in RelatedArticles CVE-2024-3266 Bold Page Builder <= 4.8.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Widget URL Attribute CVE-2025-53238 WordPress Toast Mobile Menu plugin <= 1.0.8 - Cross Site Scripting (XSS) vulnerability CVE-2024-56025 WordPress AdWork Media EZ Content Locker plugin <= 3.0 - Reflected Cross Site Scripting (XSS) vulnerability