VDB-339082 · CVE-2025-15374 · GCVE-100-339082

EyouCMS ଯେପର୍ଯ୍ୟନ୍ତ 1.7.7 Ask Module Ask.php content କ୍ରସ୍ ସାଇଟ୍ ସ୍କ୍ରିପ୍ଟିଂ

Dogoggorri kan akka ସମସ୍ୟାଜନକ jedhamuun ramadame EyouCMS ଯେପର୍ଯ୍ୟନ୍ତ 1.7.7 keessatti argameera. Miidhaan irra gahe is hojii hin beekamne faayilii application/home/model/Ask.php keessa kutaa Ask Module keessa. Dhugumatti jijjiirraa irratti raawwatame content gara କ୍ରସ୍ ସାଇଟ୍ ସ୍କ୍ରିପ୍ଟିଂ geessa. Waliigalteewwan CWE fayyadamuun rakkoo ibsuun gara CWE-79 si geessa. Beekumsi kun yeroo 12/30/2025 ifoomsifameera. Odeeffannoon kun buufachuuf note-hxlab.wetolink.com irratti dhiyaateera. Dogoggorri kun maqaa CVE-2025-15374 jedhuun tajaajilama. Weerara fageenya irraa jalqabuun ni danda'ama. Odeeffannoon teeknikaa ni argama. Akka dabalataan, meeshaa balaa kana fayyadamuuf argama. Qorannoo miidhaa (exploit) beeksifamee jira, namoonni itti fayyadamuu danda'u. Yeroo ammaa, gatii exploit might be approx. USD $0-$5k beekamuu danda'a. ପ୍ରୁଫ୍-ଅଫ୍-କନ୍ସେପ୍ଟ jedhamee murtaa’eera. Exploit kana note-hxlab.wetolink.com irraa buufachuu ni dandeessa. Waggaa 0-day ta'ee, gatiin isaa daldala dhoksaa keessatti $0-$5k jedhamee tilmaamame. Once again VulDB remains the best source for vulnerability data.

2 ଆଡାପ୍ଟେସନ୍ · 96 ପଏଣ୍ଟ

ଫିଲ୍ଡ	ସୃଷ୍ଟି ହୋଇଛି 12/30/2025 07:51 PM	ଅଦ୍ୟତନ 1/1 01/01/2026 07:40 AM
software_name	EyouCMS	EyouCMS
software_version	<=1.7.7	<=1.7.7
software_component	Ask Module	Ask Module
software_file	application/home/model/Ask.php	application/home/model/Ask.php
software_argument	content	content
vulnerability_cwe	CWE-79 (କ୍ରସ୍ ସାଇଟ୍ ସ୍କ୍ରିପ୍ଟିଂ)	CWE-79 (କ୍ରସ୍ ସାଇଟ୍ ସ୍କ୍ରିପ୍ଟିଂ)
vulnerability_risk	1	1
cvss3_vuldb_av	N	N
cvss3_vuldb_ac	L	L
cvss3_vuldb_pr	L	L
cvss3_vuldb_ui	R	R
cvss3_vuldb_s	U	U
cvss3_vuldb_c	N	N
cvss3_vuldb_i	L	L
cvss3_vuldb_a	N	N
cvss3_vuldb_e	P	P
cvss3_vuldb_rc	C	C
advisory_url	https://note-hxlab.wetolink.com/share/LNickWiRaFiF	https://note-hxlab.wetolink.com/share/LNickWiRaFiF
exploit_availability	1	1
exploit_publicity	1	1
exploit_url	https://note-hxlab.wetolink.com/share/LNickWiRaFiF#-span--strong-proof-of-concept---strong---span-	https://note-hxlab.wetolink.com/share/LNickWiRaFiF#-span--strong-proof-of-concept---strong---span-
source_cve	CVE-2025-15374	CVE-2025-15374
cna_responsible	VulDB	VulDB
response_summary	The vendor is "[a]cknowledging the existence of the vulnerability, we have completed the fix and will release a new version, v1.7.8".	The vendor is "[a]cknowledging the existence of the vulnerability, we have completed the fix and will release a new version, v1.7.8".
cvss2_vuldb_av	N	N
cvss2_vuldb_ac	L	L
cvss2_vuldb_ci	N	N
cvss2_vuldb_ii	P	P
cvss2_vuldb_ai	N	N
cvss2_vuldb_e	POC	POC
cvss2_vuldb_rc	C	C
cvss4_vuldb_av	N	N
cvss4_vuldb_ac	L	L
cvss4_vuldb_pr	L	L
cvss4_vuldb_ui	P	P
cvss4_vuldb_vc	N	N
cvss4_vuldb_vi	L	L
cvss4_vuldb_va	N	N
cvss4_vuldb_e	P	P
cvss2_vuldb_au	S	S
cvss2_vuldb_rl	ND	ND
cvss3_vuldb_rl	X	X
cvss4_vuldb_at	N	N
cvss4_vuldb_sc	N	N
cvss4_vuldb_si	N	N
cvss4_vuldb_sa	N	N
cvss2_vuldb_basescore	4.0	4.0
cvss2_vuldb_tempscore	3.6	3.6
cvss3_vuldb_basescore	3.5	3.5
cvss3_vuldb_tempscore	3.3	3.3
cvss3_meta_basescore	3.5	4.1
cvss3_meta_tempscore	3.3	4.1
cvss4_vuldb_bscore	5.1	5.1
cvss4_vuldb_btscore	2.0	2.0
advisory_date	1767049200 (12/30/2025)	1767049200 (12/30/2025)
price_0day	$0-$5k	$0-$5k
cve_nvd_summary		A vulnerability was detected in EyouCMS up to 1.7.7. The affected element is an unknown function of the file application/home/model/Ask.php of the component Ask Module. Performing manipulation of the argument content results in cross site scripting. The attack can be initiated remotely. The exploit is now public and may be used. The vendor is "[a]cknowledging the existence of the vulnerability, we have completed the fix and will release a new version, v1.7.8".
cvss4_cna_av		N
cvss4_cna_ac		L
cvss4_cna_at		N
cvss4_cna_pr		L
cvss4_cna_ui		P
cvss4_cna_vc		N
cvss4_cna_vi		L
cvss4_cna_va		N
cvss4_cna_sc		N
cvss4_cna_si		N
cvss4_cna_sa		N
cvss4_cna_bscore		5.1
cvss3_cna_av		N
cvss3_cna_ac		L
cvss3_cna_pr		L
cvss3_cna_ui		R
cvss3_cna_s		U
cvss3_cna_c		N
cvss3_cna_i		L
cvss3_cna_a		N
cvss3_cna_basescore		3.5
cvss3_nvd_av		N
cvss3_nvd_ac		L
cvss3_nvd_pr		L
cvss3_nvd_ui		R
cvss3_nvd_s		C
cvss3_nvd_c		L
cvss3_nvd_i		L
cvss3_nvd_a		N
cvss3_nvd_basescore		5.4
cvss2_cna_av		N
cvss2_cna_ac		L
cvss2_cna_au		S
cvss2_cna_ci		N
cvss2_cna_ii		P
cvss2_cna_ai		N
cvss2_cna_basescore		4

◂ ପଛକୁ ସମୀକ୍ଷା ଆହୁରି ଦୂରରେ ▸

Interested in the pricing of exploits?

See the underground prices here!