CVE-2024-22927
Published 2024-02-01
Priority P278 · medium · 6.1 (CVSS 3.1)
Vector: AV:N / AC:L / PR:N / UI:R / S:C / C:L / I:L / A:N
ITW · EXPLOIT · VulnCheck KEV · Exploited in the wild
EPSS: 1.03% (59.3th percentile)
Cross Site Scripting (XSS) vulnerability in the func parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| eyoucms | eyoucms | — | — |
Detection & IOCs (extracted from sources)
URL: /login.php?a=get_upload_list&c=Uploadimgnew&info=eyJudW0iOiIxXCI%2BPFNjUmlQdCA%2BYWxlcnQoZG9jdW1lbnQuZG9tYWluKTwvU2NSaVB0PiIsInNpemUiOiIyMDk3MTUyIiwiaW5wdXQiOiIiLCJmdW5jIjoiaGVhZF9waWNfY2FsbF9iYWNrIiwicGF0aCI6ImFsbGltZyIsImlzX3dhdGVyIjoiMSIsImFsZyI6IkhTMjU2In0&lang=cn&m=admin&unneed_syn=
- Exploit is delivered via HTTP POST to /login.php with query parameters a=get_upload_list, c=Uploadimgnew, m=admin, and a base64-encoded JSON payload in the 'info' parameter containing the XSS payload in the 'num' field.
- Successful exploitation is confirmed by the presence of both 'name="num" value="1">alert(document.domain)' and 'id="eytime"' in the HTTP response body with a 200 status code and text/html content-type.
- The vulnerable endpoint is the 'func' parameter within the base64-encoded JSON 'info' value; the decoded payload sets func=head_pic_call_back and injects a <ScRiPt> XSS tag into the 'num' field.
- FOFA fingerprinting query for identifying exposed eyoucms instances: title="eyoucms"
- The XSS payload is embedded inside a base64-encoded JSON object passed in the 'info' query parameter. The decoded JSON is: {"num":"1\"><ScRiPt >alert(document.domain)</ScRiPt>","size":"2097152","input":"","func":"head_pic_call_back","path":"allimg","is_water":"1","alg":"HS256"}. Detection rules must account for base64-encoded variants of the payload.
- The vulnerability is specific to eyoucms version 1.6.5; the CPE is cpe:2.3:a:eyoucms:eyoucms:1.6.5:*:*:*:*:*:*:*.
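The decoding step the detection notes above ask for, as an added example (not eyoucms or Nuclei code): it unpacks the base64 JSON carried in `info`, accepting URL-safe and unpadded variants and a '+' that form decoding turned into a space, and reports which fields contain tag or quote characters. The host name and the benign sample request are constructed; the malicious `info` value is the one from the IOC list.

```python
"""Decode the base64 JSON that eyoucms' Uploadimgnew handler takes in the `info`
query parameter and flag HTML/script injection in its string fields.  Added detection
example for this CVE page, not eyoucms or Nuclei code; host names are placeholders."""
import base64
import json
import re
from urllib.parse import parse_qs, quote, urlsplit

# An opening or closing HTML tag in any letter case (the payload uses <ScRiPt>).
TAG_RE = re.compile(r"<\s*/?\s*[a-z]", re.IGNORECASE)

# The `info` value from the request URL in the IOC list above (payload in "num").
SAMPLE_MALICIOUS_INFO = (
    "eyJudW0iOiIxXCI+PFNjUmlQdCA+YWxlcnQoZG9jdW1lbnQuZG9tYWluKTwvU2NSaVB0PiIs"
    "InNpemUiOiIyMDk3MTUyIiwiaW5wdXQiOiIiLCJmdW5jIjoiaGVhZF9waWNfY2FsbF9iYWNrIiwi"
    "cGF0aCI6ImFsbGltZyIsImlzX3dhdGVyIjoiMSIsImFsZyI6IkhTMjU2In0"
)

def decode_info(info: str):
    """Base64-decode `info` (standard or URL-safe alphabet, padding optional) as JSON."""
    cleaned = info.replace(" ", "+")          # form decoding turns a bare '+' into a space
    padded = cleaned + "=" * (-len(cleaned) % 4)
    for altchars in (None, b"-_"):            # try the standard alphabet, then URL-safe
        try:
            obj = json.loads(base64.b64decode(padded, altchars=altchars, validate=True))
        except ValueError:                    # binascii.Error and JSONDecodeError subclass it
            continue
        return obj if isinstance(obj, dict) else None
    return None

def decoded_info(url: str):
    """Decoded object of the first `info` parameter in the URL's query, or None."""
    values = parse_qs(urlsplit(url).query, keep_blank_values=True).get("info", [])
    return decode_info(values[0]) if values else None

def is_upload_list_request(url: str) -> bool:
    """True when the query names the affected handler (c=Uploadimgnew, a=get_upload_list)."""
    qs = parse_qs(urlsplit(url).query)
    return (qs.get("c", [""])[0].lower() == "uploadimgnew"
            and qs.get("a", [""])[0].lower() == "get_upload_list")

def find_tainted_fields(url: str) -> list:
    """Fields of the decoded `info` holding a tag or a quote that breaks out of value="..."."""
    obj = decoded_info(url) or {}
    return [k for k, v in obj.items() if isinstance(v, str) and (TAG_RE.search(v) or '"' in v)]

# Constructed sample requests: the IOC payload, and a clean upload-list request.
_BASE = "http://eyoucms.example/login.php?a=get_upload_list&c=Uploadimgnew&m=admin&lang=cn&info="
SAMPLE_MALICIOUS_URL = _BASE + quote(SAMPLE_MALICIOUS_INFO, safe="")
SAMPLE_BENIGN_URL = _BASE + quote(base64.b64encode(json.dumps(
    {"num": "1", "size": "2097152", "func": "head_pic_call_back", "path": "allimg"}).encode()).decode(), safe="")
```

A WAF or log-analysis rule that only searches for the literal `<ScRiPt>` string misses this request, since the tag only appears after the `info` value is decoded.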
CVSS provenance

| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| NVD | 3.1 | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| VulnCheck | — | 6.1 | MEDIUM | — |
GHSA
GHSA-qh6x-9qph-mmv5: Cross Site Scripting (XSS) vulnerability in the func parameter in eyoucms v
ghsa_unreviewed · 2024-02-02 · CVE-2024-22927 · MEDIUM · CWE-79
Cross Site Scripting (XSS) vulnerability in the func parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL.
VulnCheck
eyoucms eyoucms Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
vulncheck · 2024 · CVE-2024-22927 · MEDIUM · CVSS 6.1
Cross Site Scripting (XSS) vulnerability in the func parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL.
Affected: eyoucms eyoucms
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2026-04-21&host_type=src&vulnerability=cve-2024-22927
No detection rules found.
Nuclei
eyoucms v.1.6.5 - Cross-Site Scripting
nuclei · CVE-2024-22927 · MEDIUM · CVSS 6.1
Cross Site Scripting (XSS) vulnerability in the func parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL.
Template:

```yaml
id: CVE-2024-22927

info:
  name: eyoucms v.1.6.5 - Cross-Site Scripting
  author: ritikchaddha
  severity: medium
  description: |
    Cross Site Scripting (XSS) vulnerability in the func parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL.
  impact: |
    Allows attackers to execute malicious scripts on the victim's browser.
  remediation: |
    Upgrade eyoucms to version 1.6.6 or later to fix the XSS vulnerability.
  reference:
    - https://github.com/weng-xianhu/eyoucms/issues/57
    - https://nvd.nist.gov/vuln/detail/CVE-2024-22927
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:
```
No writeups or analysis indexed.
2024-02-01 · Published
Exploited in the wild