EyouCMS Stored Cross-Site Scripting Vulnerability in Ask Module

A stored cross-site scripting vulnerability has been identified in EyouCMS versions through 1.7.7, specifically within the Ask module. The issue arises from improper output encoding, where user-generated content is decoded using 'htmlspecialchars_decode()' before being displayed in the browser. This flaw allows authenticated attackers to inject malicious scripts into question or answer content, which are then executed when other users view the page.

Impact

Exploitation of this vulnerability allows for stored cross-site scripting, where injected scripts are executed in the context of the user viewing the content. This could lead to session hijacking, credential theft, distribution of malware, defacement of pages, or privilege escalation by performing actions as other users.

Reproduction

To reproduce this vulnerability, an authenticated user must log into the EyouCMS application and navigate to the Ask module. Once there, they can create a new question or answer and include a script payload, such as a simple script tag with JavaScript code or an image tag with an event handler. After submitting the content, the injected script will execute when the page is viewed by any user.

Remediation

Users are advised to update to EyouCMS version 1.7.8 or later, where this vulnerability has been fixed.