Yzmcms

yzmcms

Vendor: Yzmcms • 47 CVEs

CVEs (47)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2020-19118 1Yzmcms 1Yzmcms Nov 21, 2024 Jul 30, 2021 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 Cross Site Scripting (XSS) vulnerabiity in YzmCMS 5.2 via the site_code parameter in admin/index/init.html.
CVE-2020-35972 1Yzmcms 1Yzmcms Nov 21, 2024 Jun 3, 2021 N/A· v4 4.3 MEDIUM· v3 4.3 MEDIUM· v2 An issue was discovered in YzmCMS V5.8. There is a CSRF vulnerability that can add member user accounts via member/member/add.html.
CVE-2020-35971 1Yzmcms 1Yzmcms Nov 21, 2024 Jun 3, 2021 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 A storage XSS vulnerability is found in YzmCMS v5.8, which can be used by attackers to inject JS code and attack malicious XSS on the /admin/system_manage/user_config_edit.html page.
CVE-2020-35970 1Yzmcms 1Yzmcms Nov 21, 2024 Jun 3, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An issue was discovered in YzmCMS 5.8. There is a SSRF vulnerability in the background collection management that allows arbitrary file read.
CVE-2020-23370 1Yzmcms 1Yzmcms Nov 21, 2024 May 10, 2021 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 In YzmCMS 5.6, stored XSS exists via the common/static/plugin/ueditor/1.4.3.3/php/controller.php action parameter, which allows remote attackers to upload a swf file. The swf file can be injected with arbitrary web scrip...Show more In YzmCMS 5.6, stored XSS exists via the common/static/plugin/ueditor/1.4.3.3/php/controller.php action parameter, which allows remote attackers to upload a swf file. The swf file can be injected with arbitrary web script or HTML.Show less
CVE-2020-23369 1Yzmcms 1Yzmcms Nov 21, 2024 May 10, 2021 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 In YzmCMS 5.6, XSS was discovered in member/member_content/init.html via the SRC attribute of an IFRAME element because of using UEditor 1.4.3.3.
CVE-2020-18084 1Yzmcms 1Yzmcms Nov 21, 2024 Apr 30, 2021 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Cross Site Scripting (XSS) in yzmCMS v5.2 allows remote attackers to execute arbitrary code by injecting commands into the "referer" field of a POST request to the component "/member/index/login.html" when logging in.
CVE-2020-22394 1Yzmcms 1Yzmcms Nov 21, 2024 Nov 19, 2020 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 In YzmCMS v5.5 the member contribution function in the editor contains a cross-site scripting (XSS) vulnerability.
CVE-2019-16532 1Yzmcms 1Yzmcms Nov 21, 2024 Sep 26, 2019 N/A· v4 6.1 MEDIUM· v3 5.8 MEDIUM· v2 An HTTP Host header injection vulnerability exists in YzmCMS V5.3. A malicious user can poison a web cache or trigger redirections.
CVE-2019-16678 1Yzmcms 1Yzmcms Nov 21, 2024 Sep 21, 2019 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 admin/urlrule/add.html in YzmCMS 5.3 allows CSRF with a resultant denial of service by adding a superseding route.
CVE-2018-16247 1Yzmcms 1Yzmcms Nov 21, 2024 Jun 20, 2019 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 YzmCMS 5.1 has XSS via the admin/system_manage/user_config_add.html title parameter.
CVE-2019-9661 1Yzmcms 1Yzmcms Nov 21, 2024 Mar 11, 2019 N/A· v4 4.8 MEDIUM· v3 3.5 LOW· v2 Stored XSS exists in YzmCMS 5.2 via the admin/system_manage/user_config_edit.html "value" parameter,
CVE-2019-9660 1Yzmcms 1Yzmcms Nov 21, 2024 Mar 11, 2019 N/A· v4 4.8 MEDIUM· v3 3.5 LOW· v2 Stored XSS exists in YzmCMS 5.2 via the admin/category/edit.html "catname" parameter.
CVE-2019-9570 1Yzmcms 1Yzmcms Nov 21, 2024 Mar 5, 2019 N/A· v4 4.8 MEDIUM· v3 3.5 LOW· v2 An issue was discovered in YzmCMS 5.2.0. It has XSS via the bottom text field to the admin/system_manage/save.html URI, related to the site_code parameter.
CVE-2018-20015 1Yzmcms 1Yzmcms Nov 21, 2024 Dec 10, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 YzmCMS v5.2 has admin/role/add.html CSRF.
CVE-2018-19849 1Yzmcms 1Yzmcms Nov 21, 2024 Dec 4, 2018 N/A· v4 4.8 MEDIUM· v3 3.5 LOW· v2 An issue was discovered in YzmCMS 5.2. XSS exists via the admin/content/search.html searinfo parameter.
CVE-2018-19092 1Yzmcms 1Yzmcms Nov 21, 2024 Nov 7, 2018 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 An issue was discovered in YzmCMS v5.2. It has XSS via a search/index/archives/pubtime/ query string, as demonstrated by the search/index/archives/pubtime/1526387722/page/1.html URI. NOTE: this does not obtain a user's c...Show more An issue was discovered in YzmCMS v5.2. It has XSS via a search/index/archives/pubtime/ query string, as demonstrated by the search/index/archives/pubtime/1526387722/page/1.html URI. NOTE: this does not obtain a user's cookie.Show less
CVE-2018-17044 1Yzmcms 1Yzmcms Nov 21, 2024 Sep 14, 2018 N/A· v4 4.8 MEDIUM· v3 3.5 LOW· v2 In YzmCMS 5.1, stored XSS exists via the admin/system_manage/user_config_add.html title parameter.
CVE-2018-11554 1Yzmcms 1Yzmcms Nov 21, 2024 Jun 5, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 The forgotten-password feature in index.php/member/reset/reset_email.html in YzmCMS v3.2 through v3.7 has a Response Discrepancy Information Exposure issue and an unexpectedly long lifetime for a verification code, which...Show more The forgotten-password feature in index.php/member/reset/reset_email.html in YzmCMS v3.2 through v3.7 has a Response Discrepancy Information Exposure issue and an unexpectedly long lifetime for a verification code, which makes it easier for remote attackers to hijack accounts via a brute-force approach.Show less
CVE-2018-10224 1Yzmcms 1Yzmcms Nov 21, 2024 Apr 19, 2018 N/A· v4 6.8 MEDIUM· v3 6.0 MEDIUM· v2 An issue was discovered in YzmCMS 3.8. There is a CSRF vulnerability that can add a tag via /index.php/admin/tag/add.html.

Previous 123 Next