Filtered by vendor Yxcms
Subscribe
Search
Total
3 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-13025 | 1 Yxcms | 1 Yxcms | 2019-10-03 | 5.5 MEDIUM | 4.9 MEDIUM |
| protected/apps/admin/controller/photoController.php in YXcms 1.4.7 allows remote attackers to delete arbitrary files via the index.php?r=admin/photo/delpic picname parameter. | |||||
| CVE-2018-11003 | 1 Yxcms | 1 Yxcms | 2018-06-18 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in YXcms 1.4.7. Cross-site request forgery (CSRF) vulnerability in protected/apps/admin/controller/adminController.php allows remote attackers to delete administrator accounts via index.php?r=admin/admin/admindel. | |||||
| CVE-2018-8805 | 1 Yxcms | 1 Yxcms | 2018-04-13 | 4.3 MEDIUM | 6.1 MEDIUM |
| Yxcms building system (compatible cell phone) v1.4.7 has XSS via the content parameter to protected\apps\default\view\default\extend_guestbook.php or protected\apps\default\view\mobile\extend_guestbook.php in an index.php?r=default/column/index&col=guestbook request. | |||||