CVE-2020-28146

MEDIUM

Eyoucms < 1.4.7 - XSS

Title source: rule
STIX 2.1

Description

Cross Site Scripting (XSS) vulnerability exists in Eyoucms v1.4.7 and earlier via the addonfieldext parameter.

Exploits (1)

exploitdb WORKING POC
by China Banking and Insurance Information Technology Management Co. · textwebappsphp
https://www.exploit-db.com/exploits/48530

References (3)

Scores

CVSS v3 6.1
EPSS 0.0073
EPSS Percentile 72.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (1)
eyoucms/eyoucms < 1.4.7
Published Aug 18, 2021
Tracked Since Feb 18, 2026