CVE-2025-15374: Cross Site Scripting in EyouCMS
A vulnerability was detected in EyouCMS up to 1.7.7. The affected element is an unknown function of the file application/home/model/Ask.php of the component Ask Module. Performing manipulation of the argument content results in cross site scripting. The attack can be initiated remotely. The exploit is now public and may be used. The vendor is "[a]cknowledging the existence of the vulnerability, we have completed the fix and will release a new version, v1.7.8".
AI Analysis
Technical Summary
CVE-2025-15374 is a cross-site scripting vulnerability identified in EyouCMS, a content management system, affecting all versions up to 1.7.7. The flaw exists in the Ask module, specifically within an unspecified function in the file application/home/model/Ask.php. The vulnerability is triggered by manipulating the 'content' argument, which is improperly sanitized, allowing an attacker to inject malicious JavaScript code. This XSS vulnerability is remotely exploitable without requiring authentication, but it necessitates user interaction, such as a victim visiting a maliciously crafted URL or viewing manipulated content within the CMS interface. The vulnerability can lead to the execution of arbitrary scripts in the context of the victim’s browser, potentially enabling session hijacking, defacement, or redirection to malicious sites. The vendor has acknowledged the vulnerability and is preparing a patch in version 1.7.8. The CVSS 4.0 base score is 5.1 (medium severity), reflecting network attack vector, low complexity, no privileges required, but requiring user interaction and limited impact on confidentiality and integrity. Although no active exploits have been observed in the wild, the public availability of exploit code increases the likelihood of exploitation attempts. Organizations using EyouCMS should monitor for suspicious activity and prepare to deploy the vendor’s patch promptly.
Potential Impact
For European organizations, this vulnerability poses a moderate risk primarily to web applications running EyouCMS versions up to 1.7.7, especially those exposing the Ask module to external users. Successful exploitation could lead to session hijacking, unauthorized actions performed on behalf of users, theft of sensitive information, or distribution of malware via injected scripts. This can damage organizational reputation, lead to data breaches, and disrupt services. Given the public availability of exploit code, attackers may target European entities with public-facing EyouCMS installations, particularly in sectors relying on interactive web content such as education, media, and government portals. The impact is heightened in environments where users have elevated privileges or where sensitive data is accessible through the vulnerable module. However, the lack of privilege requirements and the need for user interaction somewhat limit the scope of impact compared to more severe vulnerabilities.
Mitigation Recommendations
European organizations should immediately inventory their EyouCMS deployments to identify affected versions (1.7.0 through 1.7.7). They should prioritize upgrading to version 1.7.8 once released by the vendor. Until patching is complete, implement web application firewall (WAF) rules to detect and block typical XSS payloads targeting the Ask module. Employ Content Security Policy (CSP) headers to restrict script execution and reduce the impact of injected scripts. Conduct user awareness campaigns to caution users against clicking suspicious links or interacting with untrusted content. Review and harden input validation and output encoding practices within custom modules or templates interfacing with the Ask module. Regularly monitor logs and web traffic for anomalous requests indicative of exploitation attempts. Consider isolating or disabling the Ask module if it is not critical to operations. Finally, maintain up-to-date backups and incident response plans to quickly recover from potential compromises.
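The two technical controls in the recommendations above, output encoding of the `content` value and a Content Security Policy, are shown below in a PHP snippet. This is an added example written for this page, not EyouCMS code and not the vendor's fix; the function names, the view helper and the sample question text are constructed for illustration, and the advisory does not say where in Ask.php the unencoded value is written out.

```php
<?php
// Added example (not EyouCMS code): the two defensive layers the mitigation
// text describes for a user-supplied 'content' field. Names and sample input
// are constructed; they are not taken from the project.

declare(strict_types=1);

// Layer 1: output encoding. Encode at the moment the value is written into
// HTML, so markup submitted in 'content' is displayed as literal text.
function encodeForHtml(string $value): string
{
    return htmlspecialchars(
        $value,
        ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, // encode ' and ", replace invalid UTF-8
        'UTF-8'
    );
}

// Hypothetical view helper for the question body (not the CMS's own template).
function renderAskContent(string $storedContent): string
{
    return '<p class="ask-content">' . encodeForHtml($storedContent) . '</p>';
}

// Layer 2: a CSP that forbids inline script. It does not fix the encoding bug,
// but it stops an injected <script> from running if one slips through.
// The nonce is generated per response and placed on the site's own script tags.
function sendCspHeader(): string
{
    $nonce  = base64_encode(random_bytes(16));
    $policy = "default-src 'self'; script-src 'self' 'nonce-{$nonce}'; "
            . "object-src 'none'; base-uri 'self'";
    if (!headers_sent()) {
        header('Content-Security-Policy: ' . $policy);
    }
    return $nonce; // template emits <script nonce="..."> for legitimate scripts
}

// Constructed sample: a submitted question that carries a script tag.
$sample = 'How do I reset my password? <script>alert(1)</script>';

// Unsafe pattern (what an XSS flaw of this kind amounts to):
//   echo '<p>' . $sample . '</p>';   // the browser would execute the script

// Safe pattern: the tag reaches the page as &lt;script&gt;...&lt;/script&gt;.
$nonce = sendCspHeader();
echo renderAskContent($sample), PHP_EOL;
```

`htmlspecialchars` is the right encoder only for HTML body and quoted-attribute contexts; a value placed inside a JavaScript block, a URL, or a CSS rule needs a context-specific encoder instead. Encoding belongs in the view, not in an input filter that strips tags on the way in, because stored data is reused in contexts the filter never anticipated. A WAF rule that looks for typical XSS payloads in the `content` parameter is a useful stopgap for the period before 1.7.8 is deployed, but it is bypassable and should not be treated as the fix.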
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland
Technical Details
- Data Version: 5.2
- Assigner Short Name: VulDB
- Date Reserved: 2025-12-30T18:46:08.945Z
- Cvss Version: 4.0
- State: PUBLISHED
Threat ID: 6955a05adb813ff03e045dd4
Added to database: 12/31/2025, 10:14:50 PM
Last enriched: 1/7/2026, 11:39:36 PM
Last updated: 1/8/2026, 7:21:33 AM
Views: 23
Related Threats
- CVE-2026-0700: SQL Injection in code-projects Intern Membership Management System (Medium)
- CVE-2025-13679: CWE-862 Missing Authorization in themeum Tutor LMS – eLearning and online course solution (Medium)
- CVE-2026-0699: SQL Injection in code-projects Intern Membership Management System (Medium)
- CVE-2026-0698: SQL Injection in code-projects Intern Membership Management System (Medium)
- CVE-2026-0697: SQL Injection in code-projects Intern Membership Management System (Medium)