Vulnerabilities (CVE)

Filtered by vendor Yzmcms
Total 37 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-16532 1 Yzmcms 1 Yzmcms 2019-09-28 5.8 MEDIUM 6.1 MEDIUM
An HTTP Host header injection vulnerability exists in YzmCMS V5.3. A malicious user can poison a web cache or trigger redirections.
CVE-2019-16678 1 Yzmcms 1 Yzmcms 2019-09-23 4.3 MEDIUM 6.5 MEDIUM
admin/urlrule/add.html in YzmCMS 5.3 allows CSRF with a resultant denial of service by adding a superseding route.
CVE-2018-16247 1 Yzmcms 1 Yzmcms 2019-06-20 3.5 LOW 5.4 MEDIUM
YzmCMS 5.1 has XSS via the admin/system_manage/user_config_add.html title parameter.
CVE-2018-7653 1 Yzmcms 1 Yzmcms 2019-06-10 4.3 MEDIUM 6.1 MEDIUM
In YzmCMS 3.6, index.php has XSS via the a, c, or m parameter.
CVE-2019-9660 1 Yzmcms 1 Yzmcms 2019-03-11 3.5 LOW 4.8 MEDIUM
Stored XSS exists in YzmCMS 5.2 via the admin/category/edit.html "catname" parameter.
CVE-2019-9661 1 Yzmcms 1 Yzmcms 2019-03-11 3.5 LOW 4.8 MEDIUM
Stored XSS exists in YzmCMS 5.2 via the admin/system_manage/user_config_edit.html "value" parameter.
CVE-2019-9570 1 Yzmcms 1 Yzmcms 2019-03-05 3.5 LOW 4.8 MEDIUM
An issue was discovered in YzmCMS 5.2.0. It has XSS via the bottom text field to the admin/system_manage/save.html URI, related to the site_code parameter.
CVE-2018-20015 1 Yzmcms 1 Yzmcms 2019-01-03 6.8 MEDIUM 8.8 HIGH
YzmCMS v5.2 has admin/role/add.html CSRF.
CVE-2018-19849 1 Yzmcms 1 Yzmcms 2018-12-31 3.5 LOW 4.8 MEDIUM
An issue was discovered in YzmCMS 5.2. XSS exists via the admin/content/search.html searinfo parameter.
CVE-2018-19092 1 Yzmcms 1 Yzmcms 2018-12-13 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered in YzmCMS v5.2. It has XSS via a search/index/archives/pubtime/ query string, as demonstrated by the search/index/archives/pubtime/1526387722/page/1.html URI. NOTE: this does not obtain a user's cookie.
CVE-2018-17044 1 Yzmcms 1 Yzmcms 2018-11-09 3.5 LOW 4.8 MEDIUM
In YzmCMS 5.1, stored XSS exists via the admin/system_manage/user_config_add.html title parameter.
CVE-2018-11554 1 Yzmcms 1 Yzmcms 2018-07-31 7.5 HIGH 9.8 CRITICAL
The forgotten-password feature in index.php/member/reset/reset_email.html in YzmCMS v3.2 through v3.7 has a Response Discrepancy Information Exposure issue and an unexpectedly long lifetime for a verification code, which makes it easier for remote attackers to hijack accounts via a brute-force approach.
CVE-2018-10224 1 Yzmcms 1 Yzmcms 2018-05-17 6.0 MEDIUM 6.8 MEDIUM
An issue was discovered in YzmCMS 3.8. There is a CSRF vulnerability that can add a tag via /index.php/admin/tag/add.html.
CVE-2018-10223 1 Yzmcms 1 Yzmcms 2018-05-17 6.0 MEDIUM 6.8 MEDIUM
An issue was discovered in YzmCMS 3.8. There is a CSRF vulnerability that can add an admin account via /index.php/admin/admin_manage/add.html.
CVE-2018-10026 1 Yzmcms 1 Yzmcms 2018-05-16 3.5 LOW 4.8 MEDIUM
The WeChat module in YzmCMS 3.7.1 has reflected XSS via the admin/module/init.html echostr parameter, related to the valid function in application/wechat/controller/index.class.php.
CVE-2018-8078 1 Yzmcms 1 Yzmcms 2018-03-29 3.5 LOW 5.4 MEDIUM
YzmCMS 3.7 has Stored XSS via the title parameter to advertisement/adver/edit.html.
CVE-2018-7579 1 Yzmcms 1 Yzmcms 2018-03-22 6.5 MEDIUM 7.2 HIGH
\application\admin\controller\update_urls.class.php in YzmCMS 3.6 has SQL Injection via the catids array parameter to admin/update_urls/update_category_url.html.