Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Eyoucms Subscribe

CVSS v3 Filter

ALL
NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 16 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-50566 1 Eyoucms 1 Eyoucms 2023-12-27 N/A 5.4 MEDIUM
A stored cross-site scripting (XSS) vulnerability in EyouCMS-V1.6.5-UTF8-SP1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Public Security Registration Number parameter.
CVE-2023-48882 1 Eyoucms 1 Eyoucms 2023-12-05 N/A 4.8 MEDIUM
A stored cross-site scripting (XSS) vulnerability in EyouCMS v1.6.4-UTF8-SP1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Document Properties field at /login.php m=admin&c=Index&a=changeTableVal&_ajax=1&lang=cn.
CVE-2023-48881 1 Eyoucms 1 Eyoucms 2023-12-05 N/A 4.8 MEDIUM
A stored cross-site scripting (XSS) vulnerability in EyouCMS v1.6.4-UTF8-SP1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Field Title field at /login.php?m=admin&c=Field&a=arctype_add&_ajax=1&lang=cn.
CVE-2023-48880 1 Eyoucms 1 Eyoucms 2023-12-05 N/A 4.8 MEDIUM
A stored cross-site scripting (XSS) vulnerability in EyouCMS v1.6.4-UTF8-SP1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Menu Name field at /login.php?m=admin&c=Index&a=changeTableVal&_ajax=1&lang=cn.
CVE-2023-46935 1 Eyoucms 1 Eyoucms 2023-11-25 N/A 5.4 MEDIUM
eyoucms v1.6.4 is vulnerable Cross Site Scripting (XSS), which can lead to stealing sensitive information of logged-in users.
CVE-2023-41597 1 Eyoucms 1 Eyoucms 2023-11-20 N/A 6.1 MEDIUM
EyouCms v1.6.2 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /admin/twitter.php?active_t.
CVE-2023-37645 1 Eyoucms 1 Eyoucms 2023-07-27 N/A 5.3 MEDIUM
eyoucms v1.6.3 was discovered to contain an information disclosure vulnerability via the component /custom_model_path/recruit.filelist.txt.
CVE-2022-33122 1 Eyoucms 1 Eyoucms 2022-06-30 3.5 LOW 4.8 MEDIUM
A stored cross-site scripting (XSS) vulnerability in eyoucms v1.5.6 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the URL field under the login page.
CVE-2021-39499 1 Eyoucms 1 Eyoucms 2021-09-10 4.3 MEDIUM 6.1 MEDIUM
A Cross-site scripting (XSS) vulnerability in Users in Qiong ICP EyouCMS 1.5.4 allows remote attackers to inject arbitrary web script or HTML via the `title` parameter in bind_email function.
CVE-2021-39501 1 Eyoucms 1 Eyoucms 2021-09-10 5.8 MEDIUM 6.1 MEDIUM
EyouCMS 1.5.4 is vulnerable to Open Redirect. An attacker can redirect a user to a malicious url via the Logout function.
CVE-2021-39496 1 Eyoucms 1 Eyoucms 2021-09-09 3.5 LOW 5.4 MEDIUM
Eyoucms 1.5.4 lacks sanitization of input data, allowing an attacker to inject malicious code into `filename` param to trigger Reflected XSS.
CVE-2020-28146 1 Eyoucms 1 Eyoucms 2021-08-24 4.3 MEDIUM 6.1 MEDIUM
Cross Site Scripting (XSS) vulnerability exists in Eyoucms v1.4.7 and earlier via the addonfieldext parameter.
CVE-2020-20645 1 Eyoucms 1 Eyoucms 2021-08-23 3.5 LOW 5.4 MEDIUM
Cross Site Scripting (XSS) vulnerability exists in EyouCMS1.3.6 in the basic_information area.
CVE-2020-21929 1 Eyoucms 1 Eyoucms 2021-08-13 3.5 LOW 5.4 MEDIUM
A stored cross site scripting (XSS) vulnerability in the web_copyright field of Eyoucms v1.4.1 allows authenticated attackers to execute arbitrary web scripts or HTML.
CVE-2020-21930 1 Eyoucms 1 Eyoucms 2021-08-13 3.5 LOW 5.4 MEDIUM
A stored cross site scripting (XSS) vulnerability in the web_attr_2 field of Eyoucms v1.4.1 allows authenticated attackers to execute arbitrary web scripts or HTML.
CVE-2019-17430 1 Eyoucms 1 Eyoucms 2019-11-14 4.3 MEDIUM 6.1 MEDIUM
EyouCms through 2019-07-11 has XSS related to the login.php web_recordnum parameter.