Vulnerabilities (CVE)

Filtered by vendor Yxcms Subscribe

Filtered by product Yxcms

CVSS v3 Filter

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 3 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2018-13025	1 Yxcms	1 Yxcms	2019-10-03	5.5 MEDIUM	4.9 MEDIUM
protected/apps/admin/controller/photoController.php in YXcms 1.4.7 allows remote attackers to delete arbitrary files via the index.php?r=admin/photo/delpic picname parameter.
CVE-2018-11003	1 Yxcms	1 Yxcms	2018-06-18	4.3 MEDIUM	6.5 MEDIUM
An issue was discovered in YXcms 1.4.7. Cross-site request forgery (CSRF) vulnerability in protected/apps/admin/controller/adminController.php allows remote attackers to delete administrator accounts via index.php?r=admin/admin/admindel.
CVE-2018-8805	1 Yxcms	1 Yxcms	2018-04-13	4.3 MEDIUM	6.1 MEDIUM
Yxcms building system (compatible cell phone) v1.4.7 has XSS via the content parameter to protected\apps\default\view\default\extend_guestbook.php or protected\apps\default\view\mobile\extend_guestbook.php in an index.php?r=default/column/index&col=guestbook request.