'; } else{ echo ''; } echo 'Hillstone Networks'; } elseif ($_SERVER[HTTP_HOST] == "update1.huaantech.com.cn") { echo ''; echo 'huaantech'; } elseif ($_SERVER[HTTP_HOST] == "update1.dcnetworks.com.cn") { echo ''; echo 'dcnetworks'; } elseif ($_SERVER[HTTP_HOST] == "update1.w-ibeda.com") { if (false===strpos($_SERVER[REQUEST_URI],"/en/")) echo ''; else echo ''; echo 'w-ibeda'; } elseif ($_SERVER[HTTP_HOST] == "update1.hp-telecom.com") { echo ''; echo 'hp-telecom'; } elseif ($_SERVER[HTTP_HOST] == "update1.maipu.com") { echo ''; echo 'Maipu'; } elseif ($_SERVER[HTTP_HOST] == "update1.ncurity.com") { echo ''; echo 'Ncurity'; } elseif ($_SERVER[HTTP_HOST] == "update1.socusnetwork.com") { echo ''; echo 'Socusnetwork'; } else{ echo ''; echo 'Hillstone Networks'; } ?>
 
   
 

vul_app:eyoucms_xss_vulnerability(Rule ID:1070210378)

Release Date2025/9/15

Rule NameCVE-2024-22927:EyouCms v.1.6.5 XSS Vulnerability

Severity:mid

CVE IDCVE-2024-22927

 

Descripiton

EyouCms (EasyCMS) is an open-source content management system (CMS) based on ThinkPHP developed by Zanzan Network Technology Company in China. EyouCms v.1.6.5 version has a cross site scripting vulnerability, which arises from the cross site scripting vulnerability in the func parameter, allowing remote attackers to run arbitrary code through carefully crafted URLs. This rule supports to defend the A6: Vulnerable and Outdated Components of OWASP Top 10 - 2021.
Other reference:None

 

Solution

Update vendor patches.