Total
35 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-45755 | 1 Eyoucms | 1 Eyoucms | 2023-02-18 | N/A | 5.4 MEDIUM |
Cross-site scripting (XSS) vulnerability in EyouCMS v1.6.0 allows attackers to execute arbitrary code via the home page description on the basic information page. | |||||
CVE-2022-45542 | 1 Eyoucms | 1 Eyoucms | 2023-01-25 | N/A | 5.4 MEDIUM |
EyouCMS <= 1.6.0 was discovered a reflected-XSS in the FileManager component in GET parameter "filename" when editing any file. | |||||
CVE-2022-45540 | 1 Eyoucms | 1 Eyoucms | 2023-01-25 | N/A | 6.1 MEDIUM |
EyouCMS <= 1.6.0 was discovered a reflected-XSS in article type editor component in POST value "name" if the value contains a malformed UTF-8 char. | |||||
CVE-2022-45541 | 1 Eyoucms | 1 Eyoucms | 2023-01-25 | N/A | 6.1 MEDIUM |
EyouCMS <= 1.6.0 was discovered a reflected-XSS in the article attribute editor component in POST value "value" if the value contains a non-integer char. | |||||
CVE-2022-45537 | 1 Eyoucms | 1 Eyoucms | 2023-01-25 | N/A | 6.1 MEDIUM |
EyouCMS <= 1.6.0 was discovered a reflected-XSS in the article publish component in cookie "ENV_LIST_URL". | |||||
CVE-2022-45539 | 1 Eyoucms | 1 Eyoucms | 2023-01-25 | N/A | 6.1 MEDIUM |
EyouCMS <= 1.6.0 was discovered a reflected-XSS in FileManager component in GET value "activepath" when creating a new file. | |||||
CVE-2022-45538 | 1 Eyoucms | 1 Eyoucms | 2023-01-25 | N/A | 6.1 MEDIUM |
EyouCMS <= 1.6.0 was discovered a reflected-XSS in the article publish component in cookie "ENV_GOBACK_URL". | |||||
CVE-2021-39428 | 1 Eyoucms | 1 Eyoucms | 2022-12-19 | N/A | 5.4 MEDIUM |
Cross Site Scripting (XSS) vulnerability in Users.php in eyoucms 1.5.4 allows remote attackers to run arbitrary code and gain escalated privilege via the filename for edit_users_head_pic. | |||||
CVE-2022-45280 | 1 Eyoucms | 1 Eyoucms | 2022-11-28 | N/A | 5.4 MEDIUM |
A cross-site scripting (XSS) vulnerability in the Url parameter in /login.php of EyouCMS v1.6.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | |||||
CVE-2022-44387 | 1 Eyoucms | 1 Eyoucms | 2022-11-16 | N/A | 8.8 HIGH |
EyouCMS V1.5.9-UTF8-SP1 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Basic Information component under the Edit Member module. | |||||
CVE-2022-43323 | 1 Eyoucms | 1 Eyoucms | 2022-11-16 | N/A | 8.8 HIGH |
EyouCMS V1.5.9-UTF8-SP1 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Top Up Balance component under the Edit Member module. | |||||
CVE-2022-44389 | 1 Eyoucms | 1 Eyoucms | 2022-11-16 | N/A | 6.5 MEDIUM |
EyouCMS V1.5.9-UTF8-SP1 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Edit Admin Profile module. This vulnerability allows attackers to arbitrarily change Administrator account information. | |||||
CVE-2022-44390 | 1 Eyoucms | 1 Eyoucms | 2022-11-16 | N/A | 5.4 MEDIUM |
A cross-site scripting (XSS) vulnerability in EyouCMS V1.5.9-UTF8-SP1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Public Security Record Number text field. | |||||
CVE-2022-41500 | 1 Eyoucms | 1 Eyoucms | 2022-10-20 | N/A | 8.8 HIGH |
EyouCMS V1.5.9 was discovered to contain multiple Cross-Site Request Forgery (CSRF) vulnerabilities via the Members Center, Editorial Membership, and Points Recharge components. | |||||
CVE-2022-36225 | 1 Eyoucms | 1 Eyoucms | 2022-08-22 | N/A | 8.8 HIGH |
EyouCMS V1.5.8-UTF8-SP1 is vulnerable to Cross Site Request Forgery (CSRF) via the background, column management function and add. | |||||
CVE-2022-35509 | 1 Eyoucms | 1 Eyoucms | 2022-08-12 | N/A | 5.4 MEDIUM |
An issue was discovered in EyouCMS 1.5.8. There is a Storage XSS vulnerability that can allows an attacker to execute arbitrary Web scripts or HTML by injecting a special payload via the title parameter in the foreground contribution, allowing the attacker to obtain sensitive information. | |||||
CVE-2022-33122 | 1 Eyoucms | 1 Eyoucms | 2022-06-30 | 3.5 LOW | 4.8 MEDIUM |
A stored cross-site scripting (XSS) vulnerability in eyoucms v1.5.6 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the URL field under the login page. | |||||
CVE-2022-26273 | 1 Eyoucms | 1 Eyoucms | 2022-03-31 | 7.5 HIGH | 9.8 CRITICAL |
EyouCMS v1.5.4 was discovered to lack parameter filtering in \user\controller\shop.php, leading to payment logic vulnerabilities. | |||||
CVE-2022-26279 | 1 Eyoucms | 1 Eyoucms | 2022-03-30 | 7.5 HIGH | 9.8 CRITICAL |
EyouCMS v1.5.5 was discovered to have no access control in the component /data/sqldata. | |||||
CVE-2021-42194 | 1 Eyoucms | 1 Eyoucms | 2022-03-29 | 6.5 MEDIUM | 7.2 HIGH |
The wechat_return function in /controller/Index.php of EyouCms V1.5.4-UTF8-SP3 passes the user's input directly into the simplexml_ load_ String function, which itself does not prohibit external entities, triggering a XML external entity (XXE) injection vulnerability. |