EUVD-2026-17769
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
4Tags
Description
A vulnerability was found in gougucms 4.08.18. This impacts an unknown function of the file \gougucms-master\app\admin\view\user\record.html of the component Record Endpoint. Performing a manipulation of the argument value.content results in cross site scripting. It is possible to initiate the attack remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
Analysis
Stored cross-site scripting (XSS) in GouguCMS 4.08.18 allows authenticated remote attackers to inject malicious scripts via the value.content parameter in the Record Endpoint (\gougucms-master\app\admin\view\user\record.html), which are executed in the context of other users' browsers. The vulnerability has a publicly available exploit and affects user record management functionality with low CVSS score (3.5) due to requirement for user interaction and authenticated access, though the vendor has not responded to disclosure.
Sign in for full analysis, threat intelligence, and remediation guidance.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today