Vulnerability Description
A vulnerability was detected in EyouCMS up to 1.7.7. The affected element is an unknown function of the file application/home/model/Ask.php of the component Ask Module. Performing a manipulation of the argument content results in cross site scripting. The attack can be initiated remotely. The exploit is now public and may be used. The vendor is "[a]cknowledging the existence of the vulnerability, we have completed the fix and will release a new version, v1.7.8".
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Eyoucms | Eyoucms | < 1.7.8 |
Related Weaknesses (CWE)
References
- https://note-hxlab.wetolink.com/share/LNickWiRaFiFExploitThird Party Advisory
- https://note-hxlab.wetolink.com/share/LNickWiRaFiF#-span--strong-proof-of-concepExploitThird Party Advisory
- https://vuldb.com/?ctiid.339082Permissions RequiredVDB Entry
- https://vuldb.com/?id.339082Third Party AdvisoryVDB Entry
- https://vuldb.com/?submit.718480Third Party AdvisoryVDB Entry
- https://note-hxlab.wetolink.com/share/LNickWiRaFiFExploitThird Party Advisory
- https://note-hxlab.wetolink.com/share/LNickWiRaFiF#-span--strong-proof-of-concepExploitThird Party Advisory
FAQ
What is CVE-2025-15374?
CVE-2025-15374 is a vulnerability with a CVSS score of 3.5 (LOW). A vulnerability was detected in EyouCMS up to 1.7.7. The affected element is an unknown function of the file application/home/model/Ask.php of the component Ask Module. Performing a manipulation of th...
How severe is CVE-2025-15374?
CVE-2025-15374 has been rated LOW with a CVSS base score of 3.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-15374?
Check the references section above for vendor advisories and patch information. Affected products include: Eyoucms Eyoucms.