CVE-2025-15374
Cross-Site Scripting in EyouCMS Ask Module Allows Remote Attack
Publication date: 2025-12-31
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| eyoucms | eyoucms | 1.7.7 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
| CWE-94 | The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-15374 is a Stored Cross-Site Scripting (XSS) vulnerability in EyouCMS versions up to 1.7.7, specifically in the Ask Module. It occurs because user-supplied content is improperly handled: the application uses the PHP function htmlspecialchars_decode() when rendering stored content, which reverses HTML entity encoding and allows malicious scripts to execute in other users' browsers. Authenticated attackers can inject malicious JavaScript payloads into question titles, content, answers, or replies. When other users view these pages, the scripts execute, potentially leading to security risks such as session hijacking or privilege escalation. [1, 2, 3]
How can this vulnerability impact me? :
This vulnerability can impact you by allowing attackers to execute malicious scripts in the browsers of users who view the affected content. Potential impacts include session hijacking through cookie theft, credential theft via fake forms, malware distribution by redirecting users, website defacement, and privilege escalation by performing actions as other users. The attack requires an authenticated user to inject the malicious payload and user interaction for the script to execute. [2, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking for the presence of the vulnerable Ask.php file in EyouCMS versions up to 1.7.7 and by searching for suspicious user input containing script tags or other XSS payloads in the Ask module content fields. Attackers can identify vulnerable targets using Google dorking with the query: inurl:application/home/model/Ask.php. Additionally, you can monitor HTTP requests and responses for injected scripts in the content argument of the Ask module. There are no specific commands provided, but using web application scanners or manual inspection of the Ask module's input fields for XSS payloads such as <script>alert('XSS')</script> can help detect exploitation attempts. [1, 2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include updating EyouCMS to version 1.7.8 or later where the vulnerability is fixed. If updating is not immediately possible, apply input sanitization by removing the use of htmlspecialchars_decode() on output, use an HTML sanitization library like HTML Purifier to clean user input before storage or output, implement a Content Security Policy (CSP) header to restrict script sources (e.g., header("Content-Security-Policy: script-src 'self'")), and perform input validation to strip dangerous HTML tags. These steps reduce the risk of malicious script execution and protect users from XSS attacks. [2]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
This vulnerability enables cross-site scripting (XSS) attacks that can lead to session hijacking, credential theft, and unauthorized actions by attackers. Such security breaches can compromise the confidentiality and integrity of user data, potentially violating data protection regulations like GDPR and HIPAA that require safeguarding personal and sensitive information. Therefore, failure to remediate this vulnerability may result in non-compliance with these standards due to inadequate protection against unauthorized data access and manipulation. [2]