Search
Total
24 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-50566 | 1 Eyoucms | 1 Eyoucms | 2023-12-27 | N/A | 5.4 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in EyouCMS-V1.6.5-UTF8-SP1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Public Security Registration Number parameter. | |||||
| CVE-2023-48882 | 1 Eyoucms | 1 Eyoucms | 2023-12-05 | N/A | 4.8 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in EyouCMS v1.6.4-UTF8-SP1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Document Properties field at /login.php m=admin&c=Index&a=changeTableVal&_ajax=1&lang=cn. | |||||
| CVE-2023-48881 | 1 Eyoucms | 1 Eyoucms | 2023-12-05 | N/A | 4.8 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in EyouCMS v1.6.4-UTF8-SP1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Field Title field at /login.php?m=admin&c=Field&a=arctype_add&_ajax=1&lang=cn. | |||||
| CVE-2023-48880 | 1 Eyoucms | 1 Eyoucms | 2023-12-05 | N/A | 4.8 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in EyouCMS v1.6.4-UTF8-SP1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Menu Name field at /login.php?m=admin&c=Index&a=changeTableVal&_ajax=1&lang=cn. | |||||
| CVE-2023-46935 | 1 Eyoucms | 1 Eyoucms | 2023-11-25 | N/A | 5.4 MEDIUM |
| eyoucms v1.6.4 is vulnerable Cross Site Scripting (XSS), which can lead to stealing sensitive information of logged-in users. | |||||
| CVE-2023-41597 | 1 Eyoucms | 1 Eyoucms | 2023-11-20 | N/A | 6.1 MEDIUM |
| EyouCms v1.6.2 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /admin/twitter.php?active_t. | |||||
| CVE-2022-26279 | 1 Eyoucms | 1 Eyoucms | 2023-08-08 | 7.5 HIGH | 9.8 CRITICAL |
| EyouCMS v1.5.5 was discovered to have no access control in the component /data/sqldata. | |||||
| CVE-2023-37645 | 1 Eyoucms | 1 Eyoucms | 2023-07-27 | N/A | 5.3 MEDIUM |
| eyoucms v1.6.3 was discovered to contain an information disclosure vulnerability via the component /custom_model_path/recruit.filelist.txt. | |||||
| CVE-2022-33122 | 1 Eyoucms | 1 Eyoucms | 2022-06-30 | 3.5 LOW | 4.8 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in eyoucms v1.5.6 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the URL field under the login page. | |||||
| CVE-2021-46255 | 1 Eyoucms | 1 Eyoucms | 2022-01-21 | 5.5 MEDIUM | 8.1 HIGH |
| eyouCMS V1.5.5-UTF8-SP3_1 suffers from Arbitrary file deletion due to insufficient filtering of the parameter filename. | |||||
| CVE-2020-24000 | 1 Eyoucms | 1 Eyoucms | 2021-11-04 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection vulnerability in eyoucms cms v1.4.7, allows attackers to execute arbitrary code and disclose sensitive information, via the tid parameter to index.php. | |||||
| CVE-2021-39500 | 1 Eyoucms | 1 Eyoucms | 2021-09-15 | 5.0 MEDIUM | 7.5 HIGH |
| Eyoucms 1.5.4 is vulnerable to Directory Traversal. Due to a lack of input data sanitizaton in param tpldir, filename, type, nid an attacker can inject "../" to escape and write file to writeable directories. | |||||
| CVE-2021-39497 | 1 Eyoucms | 1 Eyoucms | 2021-09-14 | 7.5 HIGH | 9.8 CRITICAL |
| eyoucms 1.5.4 lacks sanitization of input data, allowing an attacker to inject a url to trigger blind SSRF via the saveRemote() function. | |||||
| CVE-2021-39499 | 1 Eyoucms | 1 Eyoucms | 2021-09-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Cross-site scripting (XSS) vulnerability in Users in Qiong ICP EyouCMS 1.5.4 allows remote attackers to inject arbitrary web script or HTML via the `title` parameter in bind_email function. | |||||
| CVE-2021-39501 | 1 Eyoucms | 1 Eyoucms | 2021-09-10 | 5.8 MEDIUM | 6.1 MEDIUM |
| EyouCMS 1.5.4 is vulnerable to Open Redirect. An attacker can redirect a user to a malicious url via the Logout function. | |||||
| CVE-2021-39496 | 1 Eyoucms | 1 Eyoucms | 2021-09-09 | 3.5 LOW | 5.4 MEDIUM |
| Eyoucms 1.5.4 lacks sanitization of input data, allowing an attacker to inject malicious code into `filename` param to trigger Reflected XSS. | |||||
| CVE-2020-28146 | 1 Eyoucms | 1 Eyoucms | 2021-08-24 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross Site Scripting (XSS) vulnerability exists in Eyoucms v1.4.7 and earlier via the addonfieldext parameter. | |||||
| CVE-2020-19669 | 1 Eyoucms | 1 Eyoucms | 2021-08-24 | 6.8 MEDIUM | 8.8 HIGH |
| Cross Site Request Forgery (CSRF) vulnerability exists in Eyoucms 1.3.6 that can add an admin account via /login.php?m=admin&c=Admin&a=admin_add&lang=cn. | |||||
| CVE-2020-20645 | 1 Eyoucms | 1 Eyoucms | 2021-08-23 | 3.5 LOW | 5.4 MEDIUM |
| Cross Site Scripting (XSS) vulnerability exists in EyouCMS1.3.6 in the basic_information area. | |||||
| CVE-2020-20642 | 1 Eyoucms | 1 Eyoucms | 2021-08-23 | 6.8 MEDIUM | 8.8 HIGH |
| Cross Site Request Forgery (CSRF) vulnerability exists in EyouCMS 1.3.6 that can add an htm page to execute the js code via login.php?m=admin&c=Filemanager&a=newfile&lang=cn. | |||||
| CVE-2020-21929 | 1 Eyoucms | 1 Eyoucms | 2021-08-13 | 3.5 LOW | 5.4 MEDIUM |
| A stored cross site scripting (XSS) vulnerability in the web_copyright field of Eyoucms v1.4.1 allows authenticated attackers to execute arbitrary web scripts or HTML. | |||||
| CVE-2020-21930 | 1 Eyoucms | 1 Eyoucms | 2021-08-13 | 3.5 LOW | 5.4 MEDIUM |
| A stored cross site scripting (XSS) vulnerability in the web_attr_2 field of Eyoucms v1.4.1 allows authenticated attackers to execute arbitrary web scripts or HTML. | |||||
| CVE-2020-18129 | 1 Eyoucms | 1 Eyoucms | 2020-10-27 | 6.8 MEDIUM | 8.8 HIGH |
| A CSRF vulnerability in Eyoucms v1.2.7 allows an attacker to add an admin account via login.php. | |||||
| CVE-2019-17430 | 1 Eyoucms | 1 Eyoucms | 2019-11-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| EyouCms through 2019-07-11 has XSS related to the login.php web_recordnum parameter. | |||||