Eyoucms

eyoucms

Vendor: Eyoucms • 75 CVEs

CVEs (75)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-45755 1Eyoucms 1Eyoucms Mar 25, 2025 Feb 8, 2023 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Cross-site scripting (XSS) vulnerability in EyouCMS v1.6.0 allows attackers to execute arbitrary code via the home page description on the basic information page.
CVE-2022-45542 1Eyoucms 1Eyoucms Apr 3, 2025 Jan 20, 2023 N/A· v4 5.4 MEDIUM· v3 N/A· v2 EyouCMS <= 1.6.0 was discovered a reflected-XSS in the FileManager component in GET parameter "filename" when editing any file.
CVE-2022-45541 1Eyoucms 1Eyoucms Apr 3, 2025 Jan 20, 2023 N/A· v4 6.1 MEDIUM· v3 N/A· v2 EyouCMS <= 1.6.0 was discovered a reflected-XSS in the article attribute editor component in POST value "value" if the value contains a non-integer char.
CVE-2022-45540 1Eyoucms 1Eyoucms Apr 3, 2025 Jan 20, 2023 N/A· v4 6.1 MEDIUM· v3 N/A· v2 EyouCMS <= 1.6.0 was discovered a reflected-XSS in article type editor component in POST value "name" if the value contains a malformed UTF-8 char.
CVE-2022-45539 1Eyoucms 1Eyoucms Apr 3, 2025 Jan 20, 2023 N/A· v4 6.1 MEDIUM· v3 N/A· v2 EyouCMS <= 1.6.0 was discovered a reflected-XSS in FileManager component in GET value "activepath" when creating a new file.
CVE-2022-45538 1Eyoucms 1Eyoucms Apr 3, 2025 Jan 20, 2023 N/A· v4 6.1 MEDIUM· v3 N/A· v2 EyouCMS <= 1.6.0 was discovered a reflected-XSS in the article publish component in cookie "ENV_GOBACK_URL".
CVE-2022-45537 1Eyoucms 1Eyoucms Apr 3, 2025 Jan 20, 2023 N/A· v4 6.1 MEDIUM· v3 N/A· v2 EyouCMS <= 1.6.0 was discovered a reflected-XSS in the article publish component in cookie "ENV_LIST_URL".
CVE-2021-39428 1Eyoucms 1Eyoucms Apr 21, 2025 Dec 15, 2022 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Cross Site Scripting (XSS) vulnerability in Users.php in eyoucms 1.5.4 allows remote attackers to run arbitrary code and gain escalated privilege via the filename for edit_users_head_pic.
CVE-2022-45280 1Eyoucms 1Eyoucms Apr 25, 2025 Nov 23, 2022 N/A· v4 5.4 MEDIUM· v3 N/A· v2 A cross-site scripting (XSS) vulnerability in the Url parameter in /login.php of EyouCMS v1.6.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
CVE-2022-44390 1Eyoucms 1Eyoucms Nov 21, 2024 Nov 14, 2022 N/A· v4 5.4 MEDIUM· v3 N/A· v2 A cross-site scripting (XSS) vulnerability in EyouCMS V1.5.9-UTF8-SP1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Public Security Record Number text field.
CVE-2022-44389 1Eyoucms 1Eyoucms Apr 30, 2025 Nov 14, 2022 N/A· v4 6.5 MEDIUM· v3 N/A· v2 EyouCMS V1.5.9-UTF8-SP1 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Edit Admin Profile module. This vulnerability allows attackers to arbitrarily change Administrator account information.
CVE-2022-44387 1Eyoucms 1Eyoucms Apr 30, 2025 Nov 14, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 EyouCMS V1.5.9-UTF8-SP1 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Basic Information component under the Edit Member module.
CVE-2022-43323 1Eyoucms 1Eyoucms Apr 30, 2025 Nov 14, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 EyouCMS V1.5.9-UTF8-SP1 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Top Up Balance component under the Edit Member module.
CVE-2022-41500 1Eyoucms 1Eyoucms May 15, 2025 Oct 18, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 EyouCMS V1.5.9 was discovered to contain multiple Cross-Site Request Forgery (CSRF) vulnerabilities via the Members Center, Editorial Membership, and Points Recharge components.
CVE-2022-36225 1Eyoucms 1Eyoucms Nov 21, 2024 Aug 19, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 EyouCMS V1.5.8-UTF8-SP1 is vulnerable to Cross Site Request Forgery (CSRF) via the background, column management function and add.
CVE-2022-35509 1Eyoucms 1Eyoucms Nov 21, 2024 Aug 10, 2022 N/A· v4 5.4 MEDIUM· v3 N/A· v2 An issue was discovered in EyouCMS 1.5.8. There is a Storage XSS vulnerability that can allows an attacker to execute arbitrary Web scripts or HTML by injecting a special payload via the title parameter in the foreground...Show more An issue was discovered in EyouCMS 1.5.8. There is a Storage XSS vulnerability that can allows an attacker to execute arbitrary Web scripts or HTML by injecting a special payload via the title parameter in the foreground contribution, allowing the attacker to obtain sensitive information.Show less
CVE-2022-33122 1Eyoucms 1Eyoucms Nov 21, 2024 Jun 24, 2022 N/A· v4 4.8 MEDIUM· v3 3.5 LOW· v2 A stored cross-site scripting (XSS) vulnerability in eyoucms v1.5.6 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the URL field under the login page.
CVE-2022-26273 1Eyoucms 1Eyoucms Nov 21, 2024 Mar 28, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 EyouCMS v1.5.4 was discovered to lack parameter filtering in \user\controller\shop.php, leading to payment logic vulnerabilities.
CVE-2022-26279 1Eyoucms 1Eyoucms Nov 21, 2024 Mar 24, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 EyouCMS v1.5.5 was discovered to have no access control in the component /data/sqldata.
CVE-2021-42194 1Eyoucms 1Eyoucms Nov 21, 2024 Mar 20, 2022 N/A· v4 7.2 HIGH· v3 6.5 MEDIUM· v2 The wechat_return function in /controller/Index.php of EyouCms V1.5.4-UTF8-SP3 passes the user's input directly into the simplexml_ load_ String function, which itself does not prohibit external entities, triggering a XM...Show more The wechat_return function in /controller/Index.php of EyouCms V1.5.4-UTF8-SP3 passes the user's input directly into the simplexml_ load_ String function, which itself does not prohibit external entities, triggering a XML external entity (XXE) injection vulnerability.Show less

Previous 1 234 Next