Eyoucms

eyoucms

Vendor: Eyoucms • 75 CVEs

CVEs (75)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-48882 1Eyoucms 1Eyoucms Nov 21, 2024 Nov 29, 2023 N/A· v4 4.8 MEDIUM· v3 N/A· v2 A stored cross-site scripting (XSS) vulnerability in EyouCMS v1.6.4-UTF8-SP1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Document Properties field at /login.php m=adm...Show more A stored cross-site scripting (XSS) vulnerability in EyouCMS v1.6.4-UTF8-SP1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Document Properties field at /login.php m=admin&c=Index&a=changeTableVal&_ajax=1&lang=cn.Show less
CVE-2023-48881 1Eyoucms 1Eyoucms Nov 21, 2024 Nov 29, 2023 N/A· v4 4.8 MEDIUM· v3 N/A· v2 A stored cross-site scripting (XSS) vulnerability in EyouCMS v1.6.4-UTF8-SP1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Field Title field at /login.php?m=admin&c=Fie...Show more A stored cross-site scripting (XSS) vulnerability in EyouCMS v1.6.4-UTF8-SP1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Field Title field at /login.php?m=admin&c=Field&a=arctype_add&_ajax=1&lang=cn.Show less
CVE-2023-48880 1Eyoucms 1Eyoucms Nov 21, 2024 Nov 29, 2023 N/A· v4 4.8 MEDIUM· v3 N/A· v2 A stored cross-site scripting (XSS) vulnerability in EyouCMS v1.6.4-UTF8-SP1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Menu Name field at /login.php?m=admin&c=Index...Show more A stored cross-site scripting (XSS) vulnerability in EyouCMS v1.6.4-UTF8-SP1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Menu Name field at /login.php?m=admin&c=Index&a=changeTableVal&_ajax=1&lang=cn.Show less
CVE-2023-46935 1Eyoucms 1Eyoucms Nov 21, 2024 Nov 21, 2023 N/A· v4 5.4 MEDIUM· v3 N/A· v2 eyoucms v1.6.4 is vulnerable Cross Site Scripting (XSS), which can lead to stealing sensitive information of logged-in users.
CVE-2023-41597 1Eyoucms 1Eyoucms Nov 21, 2024 Nov 15, 2023 N/A· v4 6.1 MEDIUM· v3 N/A· v2 EyouCms v1.6.2 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /admin/twitter.php?active_t.
CVE-2023-37645 1Eyoucms 1Eyoucms Nov 21, 2024 Jul 20, 2023 N/A· v4 5.3 MEDIUM· v3 N/A· v2 eyoucms v1.6.3 was discovered to contain an information disclosure vulnerability via the component /custom_model_path/recruit.filelist.txt.
CVE-2023-37136 1Eyoucms 1Eyoucms Nov 21, 2024 Jul 6, 2023 N/A· v4 5.4 MEDIUM· v3 N/A· v2 A stored cross-site scripting (XSS) vulnerability in the Basic Website Information module of eyoucms v1.6.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
CVE-2023-37135 1Eyoucms 1Eyoucms Nov 21, 2024 Jul 6, 2023 N/A· v4 5.4 MEDIUM· v3 N/A· v2 A stored cross-site scripting (XSS) vulnerability in the Image Upload module of eyoucms v1.6.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
CVE-2023-37134 1Eyoucms 1Eyoucms Nov 21, 2024 Jul 6, 2023 N/A· v4 5.4 MEDIUM· v3 N/A· v2 A stored cross-site scripting (XSS) vulnerability in the Basic Information module of eyoucms v1.6.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
CVE-2023-37133 1Eyoucms 1Eyoucms Nov 21, 2024 Jul 6, 2023 N/A· v4 5.4 MEDIUM· v3 N/A· v2 A stored cross-site scripting (XSS) vulnerability in the Column management module of eyoucms v1.6.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
CVE-2023-37132 1Eyoucms 1Eyoucms Nov 21, 2024 Jul 6, 2023 N/A· v4 5.4 MEDIUM· v3 N/A· v2 A stored cross-site scripting (XSS) vulnerability in the custom variables module of eyoucms v1.6.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
CVE-2023-36093 1Eyoucms 1Eyoucms Nov 21, 2024 Jun 22, 2023 N/A· v4 5.4 MEDIUM· v3 N/A· v2 There is a storage type cross site scripting (XSS) vulnerability in the filing number of the Basic Information tab on the backend management page of EyouCMS v1.6.3
CVE-2023-34657 1Eyoucms 1Eyoucms Dec 12, 2024 Jun 19, 2023 N/A· v4 4.8 MEDIUM· v3 N/A· v2 A stored cross-site scripting (XSS) vulnerability in Eyoucms v1.6.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the web_recordnum parameter.
CVE-2023-33492 1Eyoucms 1Eyoucms Nov 21, 2024 Jun 12, 2023 N/A· v4 5.4 MEDIUM· v3 N/A· v2 EyouCMS 1.6.2 is vulnerable to Cross Site Scripting (XSS).
CVE-2023-31708 1Eyoucms 1Eyoucms Jan 21, 2025 May 23, 2023 N/A· v4 4.3 MEDIUM· v3 N/A· v2 A Cross-Site Request Forgery (CSRF) in EyouCMS v1.6.2 allows attackers to execute arbitrary commands via a supplying a crafted HTML file to the Upload software format function.
CVE-2023-30125 1Eyoucms 1Eyoucms Jan 31, 2025 Apr 28, 2023 N/A· v4 6.1 MEDIUM· v3 N/A· v2 EyouCms V1.6.1-UTF8-sp1 is vulnerable to Cross Site Scripting (XSS).
CVE-2023-2058 1Eyoucms 1Eyoucms Nov 21, 2024 Apr 14, 2023 N/A· v4 6.1 MEDIUM· v3 3.3 LOW· v2 A vulnerability was found in EyouCms up to 1.6.2. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /yxcms/index.php?r=admin/extendfield/mesedit&tabid=12&id=4 of...Show more A vulnerability was found in EyouCms up to 1.6.2. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /yxcms/index.php?r=admin/extendfield/mesedit&tabid=12&id=4 of the component HTTP POST Request Handler. The manipulation of the argument web_ico leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-225943.Show less
CVE-2023-2057 1Eyoucms 1Eyoucms Nov 21, 2024 Apr 14, 2023 N/A· v4 6.1 MEDIUM· v3 3.3 LOW· v2 A vulnerability was found in EyouCms 1.5.4. It has been classified as problematic. Affected is an unknown function of the file login.php?m=admin&c=Arctype&a=edit of the component New Picture Handler. The manipulation of...Show more A vulnerability was found in EyouCms 1.5.4. It has been classified as problematic. Affected is an unknown function of the file login.php?m=admin&c=Arctype&a=edit of the component New Picture Handler. The manipulation of the argument litpic_loca leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-225942 is the identifier assigned to this vulnerability.Show less
CVE-2023-1799 1Eyoucms 1Eyoucms Nov 21, 2024 Apr 2, 2023 N/A· v4 5.4 MEDIUM· v3 4.0 MEDIUM· v2 A vulnerability, which was classified as problematic, was found in EyouCMS up to 1.5.4. This affects an unknown part of the file login.php. The manipulation of the argument tag_tag leads to cross site scripting. It is po...Show more A vulnerability, which was classified as problematic, was found in EyouCMS up to 1.5.4. This affects an unknown part of the file login.php. The manipulation of the argument tag_tag leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-224751.Show less
CVE-2023-1798 1Eyoucms 1Eyoucms Nov 21, 2024 Apr 2, 2023 N/A· v4 5.4 MEDIUM· v3 4.0 MEDIUM· v2 A vulnerability, which was classified as problematic, has been found in EyouCMS up to 1.5.4. Affected by this issue is some unknown functionality of the file login.php. The manipulation of the argument typename leads to...Show more A vulnerability, which was classified as problematic, has been found in EyouCMS up to 1.5.4. Affected by this issue is some unknown functionality of the file login.php. The manipulation of the argument typename leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-224750 is the identifier assigned to this vulnerability.Show less

Previous 123 4 Next