.. / CVE-2024-22927

Exploit for eyoucms v.1.6.5 - Cross-Site Scripting (CVE-2024-22927)

Description:

Cross Site Scripting (XSS) vulnerability in the func parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL.

Nuclei Template

View the template here CVE-2024-22927.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2024/CVE-2024-22927.yaml
Copy

References:

https://github.com/weng-xianhu/eyoucms/issues/57
https://nvd.nist.gov/vuln/detail/CVE-2024-22927