← Back

Xyhcms

xyhcms

3 CVEs • 1 product

Products (1)

Click to collapse
Toggle
Xyhcms
xyhcms
3 CVEs

CVEs (3)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2020-21656
1Xyhcms
1Xyhcms
Jun 17, 2026
Oct 6, 2021
N/A· v4
5.4 MEDIUM· v3
3.5 LOW· v2
XYHCMS v3.6 contains a stored cross-site scripting (XSS) vulnerability in the component xyhai.php?s=/Link/index.
CVE-2020-20586
1Xyhcms
1Xyhcms
Jun 17, 2026
Jul 8, 2021
N/A· v4
4.5 MEDIUM· v3
3.5 LOW· v2
A cross site request forgery (CSRF) vulnerability in the /xyhai.php?s=/Auth/editUser URI of XYHCMS V3.6 allows attackers to edit any information of the administrator such as the name, e-mail, and password.
CVE-2018-14583
1Xyhcms
1Xyhcms
Nov 21, 2024
Jul 24, 2018
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
xyhai.php?s=/Auth/addUser in XYHCMS 3.5 allows CSRF to add a background administrator account.