Filtered by vendor Yzmcms
Subscribe
Search
Total
36 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-23595 | 1 Yzmcms | 1 Yzmcms | 2023-08-17 | N/A | 8.8 HIGH |
| Cross Site Request Forgery (CSRF) vulnerability in yzmcms version 5.6, allows remote attackers to escalate privileges and gain sensitive information sitemodel/add.html endpoint. | |||||
| CVE-2022-23384 | 1 Yzmcms | 1 Yzmcms | 2022-02-19 | 6.8 MEDIUM | 8.8 HIGH |
| YzmCMS v6.3 is affected by Cross Site Request Forgery (CSRF) in /admin.add | |||||
| CVE-2018-7479 | 1 Yzmcms | 1 Yzmcms | 2022-02-05 | 5.0 MEDIUM | 5.3 MEDIUM |
| YzmCMS 3.6 allows remote attackers to discover the full path via a direct request to application/install/templates/s1.php. | |||||
| CVE-2022-23889 | 1 Yzmcms | 1 Yzmcms | 2022-02-03 | 5.0 MEDIUM | 5.3 MEDIUM |
| The comment function in YzmCMS v6.3 was discovered as being able to be operated concurrently, allowing attackers to create an unusually large number of comments. | |||||
| CVE-2022-23888 | 1 Yzmcms | 1 Yzmcms | 2022-02-02 | 6.8 MEDIUM | 8.8 HIGH |
| YzmCMS v6.3 was discovered to contain a Cross-Site Request Forgey (CSRF) via the component /yzmcms/comment/index/init.html. | |||||
| CVE-2022-23887 | 1 Yzmcms | 1 Yzmcms | 2022-02-02 | 4.3 MEDIUM | 6.5 MEDIUM |
| YzmCMS v6.3 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily delete user accounts via /admin/admin_manage/delete. | |||||
| CVE-2020-19951 | 1 Yzmcms | 1 Yzmcms | 2021-09-29 | 6.8 MEDIUM | 8.8 HIGH |
| A cross-site request forgery (CSRF) in /controller/pay.class.php of YzmCMS v5.5 allows attackers to access sensitive components of the application. | |||||
| CVE-2020-19950 | 1 Yzmcms | 1 Yzmcms | 2021-09-29 | 3.5 LOW | 4.8 MEDIUM |
| A cross-site scripting (XSS) vulnerability in the /banner/add.html component of YzmCMS v5.3 allows attackers to execute arbitrary web scripts or HTML. | |||||
| CVE-2020-19949 | 1 Yzmcms | 1 Yzmcms | 2021-09-29 | 3.5 LOW | 4.8 MEDIUM |
| A cross-site scripting (XSS) vulnerability in the /link/add.html component of YzmCMS v5.3 allows attackers to execute arbitrary web scripts or HTML. | |||||
| CVE-2020-20341 | 1 Yzmcms | 1 Yzmcms | 2021-09-10 | 5.0 MEDIUM | 7.5 HIGH |
| YzmCMS v5.5 contains a server-side request forgery (SSRF) in the grab_image() function. | |||||
| CVE-2020-19118 | 1 Yzmcms | 1 Yzmcms | 2021-08-03 | 3.5 LOW | 5.4 MEDIUM |
| Cross Site Scripting (XSS) vulnerabiity in YzmCMS 5.2 via the site_code parameter in admin/index/init.html. | |||||
| CVE-2020-35970 | 1 Yzmcms | 1 Yzmcms | 2021-06-09 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in YzmCMS 5.8. There is a SSRF vulnerability in the background collection management that allows arbitrary file read. | |||||
| CVE-2020-35972 | 1 Yzmcms | 1 Yzmcms | 2021-06-09 | 4.3 MEDIUM | 4.3 MEDIUM |
| An issue was discovered in YzmCMS V5.8. There is a CSRF vulnerability that can add member user accounts via member/member/add.html. | |||||
| CVE-2020-35971 | 1 Yzmcms | 1 Yzmcms | 2021-06-09 | 3.5 LOW | 5.4 MEDIUM |
| A storage XSS vulnerability is found in YzmCMS v5.8, which can be used by attackers to inject JS code and attack malicious XSS on the /admin/system_manage/user_config_edit.html page. | |||||
| CVE-2020-23370 | 1 Yzmcms | 1 Yzmcms | 2021-05-13 | 3.5 LOW | 5.4 MEDIUM |
| In YzmCMS 5.6, stored XSS exists via the common/static/plugin/ueditor/1.4.3.3/php/controller.php action parameter, which allows remote attackers to upload a swf file. The swf file can be injected with arbitrary web script or HTML. | |||||
| CVE-2020-23369 | 1 Yzmcms | 1 Yzmcms | 2021-05-13 | 4.3 MEDIUM | 6.1 MEDIUM |
| In YzmCMS 5.6, XSS was discovered in member/member_content/init.html via the SRC attribute of an IFRAME element because of using UEditor 1.4.3.3. | |||||
| CVE-2020-18084 | 1 Yzmcms | 1 Yzmcms | 2021-05-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross Site Scripting (XSS) in yzmCMS v5.2 allows remote attackers to execute arbitrary code by injecting commands into the "referer" field of a POST request to the component "/member/index/login.html" when logging in. | |||||
| CVE-2020-22394 | 1 Yzmcms | 1 Yzmcms | 2020-11-25 | 4.3 MEDIUM | 6.1 MEDIUM |
| In YzmCMS v5.5 the member contribution function in the editor contains a cross-site scripting (XSS) vulnerability. | |||||
| CVE-2018-8756 | 1 Yzmcms | 1 Yzmcms | 2019-10-03 | 6.5 MEDIUM | 7.2 HIGH |
| Eval injection in yzmphp/core/function/global.func.php in YzmCMS v3.7.1 allows remote attackers to achieve arbitrary code execution via PHP code in the POST data of an index.php?m=member&c=member_content&a=init request. | |||||
| CVE-2019-16532 | 1 Yzmcms | 1 Yzmcms | 2019-09-28 | 5.8 MEDIUM | 6.1 MEDIUM |
| An HTTP Host header injection vulnerability exists in YzmCMS V5.3. A malicious user can poison a web cache or trigger redirections. | |||||
| CVE-2019-16678 | 1 Yzmcms | 1 Yzmcms | 2019-09-23 | 4.3 MEDIUM | 6.5 MEDIUM |
| admin/urlrule/add.html in YzmCMS 5.3 allows CSRF with a resultant denial of service by adding a superseding route. | |||||
| CVE-2018-16247 | 1 Yzmcms | 1 Yzmcms | 2019-06-20 | 3.5 LOW | 5.4 MEDIUM |
| YzmCMS 5.1 has XSS via the admin/system_manage/user_config_add.html title parameter. | |||||
| CVE-2018-7653 | 1 Yzmcms | 1 Yzmcms | 2019-06-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| In YzmCMS 3.6, index.php has XSS via the a, c, or m parameter. | |||||
| CVE-2019-9661 | 1 Yzmcms | 1 Yzmcms | 2019-03-11 | 3.5 LOW | 4.8 MEDIUM |
| Stored XSS exists in YzmCMS 5.2 via the admin/system_manage/user_config_edit.html "value" parameter, | |||||
| CVE-2019-9660 | 1 Yzmcms | 1 Yzmcms | 2019-03-11 | 3.5 LOW | 4.8 MEDIUM |
| Stored XSS exists in YzmCMS 5.2 via the admin/category/edit.html "catname" parameter. | |||||
| CVE-2019-9570 | 1 Yzmcms | 1 Yzmcms | 2019-03-05 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered in YzmCMS 5.2.0. It has XSS via the bottom text field to the admin/system_manage/save.html URI, related to the site_code parameter. | |||||
| CVE-2018-20015 | 1 Yzmcms | 1 Yzmcms | 2019-01-03 | 6.8 MEDIUM | 8.8 HIGH |
| YzmCMS v5.2 has admin/role/add.html CSRF. | |||||
| CVE-2018-19849 | 1 Yzmcms | 1 Yzmcms | 2018-12-31 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered in YzmCMS 5.2. XSS exists via the admin/content/search.html searinfo parameter. | |||||
| CVE-2018-19092 | 1 Yzmcms | 1 Yzmcms | 2018-12-13 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in YzmCMS v5.2. It has XSS via a search/index/archives/pubtime/ query string, as demonstrated by the search/index/archives/pubtime/1526387722/page/1.html URI. NOTE: this does not obtain a user's cookie. | |||||
| CVE-2018-17044 | 1 Yzmcms | 1 Yzmcms | 2018-11-09 | 3.5 LOW | 4.8 MEDIUM |
| In YzmCMS 5.1, stored XSS exists via the admin/system_manage/user_config_add.html title parameter. | |||||
| CVE-2018-11554 | 1 Yzmcms | 1 Yzmcms | 2018-07-31 | 7.5 HIGH | 9.8 CRITICAL |
| The forgotten-password feature in index.php/member/reset/reset_email.html in YzmCMS v3.2 through v3.7 has a Response Discrepancy Information Exposure issue and an unexpectedly long lifetime for a verification code, which makes it easier for remote attackers to hijack accounts via a brute-force approach. | |||||
| CVE-2018-10224 | 1 Yzmcms | 1 Yzmcms | 2018-05-17 | 6.0 MEDIUM | 6.8 MEDIUM |
| An issue was discovered in YzmCMS 3.8. There is a CSRF vulnerability that can add a tag via /index.php/admin/tag/add.html. | |||||
| CVE-2018-10223 | 1 Yzmcms | 1 Yzmcms | 2018-05-17 | 6.0 MEDIUM | 6.8 MEDIUM |
| An issue was discovered in YzmCMS 3.8. There is a CSRF vulnerability that can add an admin account via /index.php/admin/admin_manage/add.html. | |||||
| CVE-2018-10026 | 1 Yzmcms | 1 Yzmcms | 2018-05-16 | 3.5 LOW | 4.8 MEDIUM |
| The WeChat module in YzmCMS 3.7.1 has reflected XSS via the admin/module/init.html echostr parameter, related to the valid function in application/wechat/controller/index.class.php. | |||||
| CVE-2018-8078 | 1 Yzmcms | 1 Yzmcms | 2018-03-29 | 3.5 LOW | 5.4 MEDIUM |
| YzmCMS 3.7 has Stored XSS via the title parameter to advertisement/adver/edit.html. | |||||
| CVE-2018-7579 | 1 Yzmcms | 1 Yzmcms | 2018-03-22 | 6.5 MEDIUM | 7.2 HIGH |
| \application\admin\controller\update_urls.class.php in YzmCMS 3.6 has SQL Injection via the catids array parameter to admin/update_urls/update_category_url.html. | |||||