← Back

Yzncms

yzncms

4 CVEs • 1 product

Products (1)

Click to collapse
Toggle
Yzncms
yzncms

CVEs (4)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
1Yzncms
1Yzncms
Jun 17, 2026
Feb 26, 2025
N/A· v4
4.4 MEDIUM· v3
N/A· v2
An arbitrary file upload vulnerability in the plugin installation feature of YZNCMS v2.0.1 allows attackers to execute arbitrary code via uploading a crafted Zip file.
1Yzncms
1Yzncms
Jun 17, 2026
Aug 21, 2024
N/A· v4
5.4 MEDIUM· v3
N/A· v2
A cross-site scripting (XSS) vulnerability in the component /index/index.html of YZNCMS v1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the configured remarks text fie...Show more
A cross-site scripting (XSS) vulnerability in the component /index/index.html of YZNCMS v1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the configured remarks text field.Show less
1Yzncms
1Yzncms
Jun 17, 2026
Sep 27, 2023
N/A· v4
6.1 MEDIUM· v3
N/A· v2
A stored cross-site scripting (XSS) vulnerability in the cms/content/edit component of YZNCMS v1.3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the title parameter.
1Yzncms
1Yzncms
Jun 17, 2026
Jul 6, 2023
N/A· v4
6.5 MEDIUM· v3
N/A· v2
A Cross-Site Request Forgery (CSRF) in the component /public/admin/profile/update.html of YznCMS v1.1.0 allows attackers to arbitrarily change the Administrator password via a crafted POST request.