eyoucms 1.4.6 XSS vulnerability
The project address: https://github.com/eyoucms/eyoucms
Vulnerability description
The vulnerability was found in eyoucms 1.4.6 and prior releases.
In the member contribution area of the member center, after editing the contribution content through the editor, intercept the request, modify the parameter addonfieldext[content], and construct the payload "<img SRC=# onerror=alert(document.cookie)>".
After the administrator logs in to the backend and views the content submitted by the user, the payload is triggered and obtains the cookie information.
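Because the request is modified after it leaves the editor, any filtering done in the browser is bypassed and the content has to be sanitized on the server before it is stored or rendered in the backend. The following is an added example of such a server-side allowlist filter, not eyoucms code; the function names and the allowed tag and attribute lists are assumptions chosen for illustration.

```php
<?php
// Added example, not eyoucms code. The tag/attribute allowlist is an assumption.
const ALLOWED = [
    'p' => [], 'br' => [], 'b' => [], 'i' => [], 'strong' => [], 'em' => [],
    'ul' => [], 'ol' => [], 'li' => [], 'a' => ['href'], 'img' => ['src', 'alt'],
];

function url_is_safe(string $url): bool
{
    // Browsers ignore ASCII whitespace and control characters inside a scheme.
    $url = preg_replace('/[\x00-\x20]+/', '', $url);
    // A colon before the first /, ? or # means a scheme is present: allow only http(s).
    return !preg_match('~^[^/?#]*:~', $url) || preg_match('~^https?:~i', $url) === 1;
}

function sanitize_rich_text(string $html): string
{
    libxml_use_internal_errors(true);   // malformed user markup is expected
    $doc = new DOMDocument();
    // The XML prolog makes libxml decode the fragment as UTF-8.
    $doc->loadHTML('<?xml encoding="UTF-8"><body>' . $html . '</body>');
    libxml_clear_errors();
    $body = $doc->getElementsByTagName('body')->item(0);
    if ($body === null) { return ''; }
    $xpath = new DOMXPath($doc);
    foreach (iterator_to_array($xpath->query('.//*', $body), false) as $el) {
        $tag = strtolower($el->nodeName);
        if (!array_key_exists($tag, ALLOWED)) {
            $el->parentNode->removeChild($el);   // drop the element and its subtree
            continue;
        }
        // Remove every attribute not allowlisted for this tag (onerror, onload, style, ...).
        foreach (iterator_to_array($el->attributes, false) as $attr) {
            $name = strtolower($attr->nodeName);
            $keep = in_array($name, ALLOWED[$tag], true)
                && (!in_array($name, ['href', 'src'], true) || url_is_safe($attr->nodeValue));
            if (!$keep) { $el->removeAttributeNode($attr); }
        }
    }
    $out = '';
    foreach ($body->childNodes as $child) {
        $out .= $doc->saveHTML($child);
    }
    return $out;
}

// Constructed input: the payload from this page after a legitimate paragraph.
echo sanitize_rich_text('<p>hello</p><img SRC=# onerror=alert(document.cookie)>'), "\n";
```

The img element survives but its onerror attribute is removed, so nothing executes when the administrator opens the submission. Setting the HttpOnly flag on the session cookie additionally keeps it out of reach of document.cookie.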