CVE-2021-39428

Cross Site Scripting (XSS) vulnerability in Users.php in eyoucms 1.5.4 allows remote attackers to run arbitrary code and gain escalated privilege via the filename for edit_users_head_pic. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt