Home

Description

A vulnerability was detected in EyouCMS up to 1.7.7. The affected element is an unknown function of the file application/home/model/Ask.php of the component Ask Module. Performing manipulation of the argument content results in cross site scripting. The attack can be initiated remotely. The exploit is now public and may be used. The vendor is "[a]cknowledging the existence of the vulnerability, we have completed the fix and will release a new version, v1.7.8".

PUBLISHED Reserved 2025-12-30 | Published 2025-12-31 | Updated 2025-12-31 | Assigner VulDB




MEDIUM: 5.1CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P
LOW: 3.5CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:C
LOW: 3.5CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:C
4.0AV:N/AC:L/Au:S/C:N/I:P/A:N/E:POC/RL:ND/RC:C

Problem types

Cross Site Scripting

Code Injection

Timeline

2025-12-30:Advisory disclosed
2025-12-30:VulDB entry created
2025-12-30:VulDB entry last update

Credits

pemic (VulDB User) reporter

References

vuldb.com/?id.339082 (VDB-339082 | EyouCMS Ask Module Ask.php cross site scripting) vdb-entry technical-description

vuldb.com/?ctiid.339082 (VDB-339082 | CTI Indicators (IOB, IOC, TTP, IOA)) signature permissions-required

vuldb.com/?submit.718480 (Submit #718480 | EyouCMS 1.7.7 Cross Site Scripting) third-party-advisory

note-hxlab.wetolink.com/share/LNickWiRaFiF related

note-hxlab.wetolink.com/share/LNickWiRaFiF exploit

cve.org (CVE-2025-15374)

nvd.nist.gov (CVE-2025-15374)

Download JSON

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.