Total
53 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-36093 | 1 Eyoucms | 1 Eyoucms | 2024-02-04 | N/A | 5.4 MEDIUM |
| There is a storage type cross site scripting (XSS) vulnerability in the filing number of the Basic Information tab on the backend management page of EyouCMS v1.6.3 | |||||
| CVE-2023-31708 | 1 Eyoucms | 1 Eyoucms | 2024-02-04 | N/A | 4.3 MEDIUM |
| A Cross-Site Request Forgery (CSRF) in EyouCMS v1.6.2 allows attackers to execute arbitrary commands via a supplying a crafted HTML file to the Upload software format function. | |||||
| CVE-2023-37136 | 1 Eyoucms | 1 Eyoucms | 2024-02-04 | N/A | 5.4 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in the Basic Website Information module of eyoucms v1.6.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | |||||
| CVE-2022-45755 | 1 Eyoucms | 1 Eyoucms | 2024-02-04 | N/A | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in EyouCMS v1.6.0 allows attackers to execute arbitrary code via the home page description on the basic information page. | |||||
| CVE-2022-45280 | 1 Eyoucms | 1 Eyoucms | 2024-02-04 | N/A | 5.4 MEDIUM |
| A cross-site scripting (XSS) vulnerability in the Url parameter in /login.php of EyouCMS v1.6.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | |||||
| CVE-2021-39428 | 1 Eyoucms | 1 Eyoucms | 2024-02-04 | N/A | 5.4 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in Users.php in eyoucms 1.5.4 allows remote attackers to run arbitrary code and gain escalated privilege via the filename for edit_users_head_pic. | |||||
| CVE-2022-41500 | 1 Eyoucms | 1 Eyoucms | 2024-02-04 | N/A | 8.8 HIGH |
| EyouCMS V1.5.9 was discovered to contain multiple Cross-Site Request Forgery (CSRF) vulnerabilities via the Members Center, Editorial Membership, and Points Recharge components. | |||||
| CVE-2022-36225 | 1 Eyoucms | 1 Eyoucms | 2024-02-04 | N/A | 8.8 HIGH |
| EyouCMS V1.5.8-UTF8-SP1 is vulnerable to Cross Site Request Forgery (CSRF) via the background, column management function and add. | |||||
| CVE-2022-35509 | 1 Eyoucms | 1 Eyoucms | 2024-02-04 | N/A | 5.4 MEDIUM |
| An issue was discovered in EyouCMS 1.5.8. There is a Storage XSS vulnerability that can allows an attacker to execute arbitrary Web scripts or HTML by injecting a special payload via the title parameter in the foreground contribution, allowing the attacker to obtain sensitive information. | |||||
| CVE-2022-33122 | 1 Eyoucms | 1 Eyoucms | 2024-02-04 | 3.5 LOW | 4.8 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in eyoucms v1.5.6 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the URL field under the login page. | |||||
| CVE-2022-26279 | 1 Eyoucms | 1 Eyoucms | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| EyouCMS v1.5.5 was discovered to have no access control in the component /data/sqldata. | |||||
| CVE-2022-26273 | 1 Eyoucms | 1 Eyoucms | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| EyouCMS v1.5.4 was discovered to lack parameter filtering in \user\controller\shop.php, leading to payment logic vulnerabilities. | |||||
| CVE-2021-42194 | 1 Eyoucms | 1 Eyoucms | 2024-02-04 | 6.5 MEDIUM | 7.2 HIGH |
| The wechat_return function in /controller/Index.php of EyouCms V1.5.4-UTF8-SP3 passes the user's input directly into the simplexml_ load_ String function, which itself does not prohibit external entities, triggering a XML external entity (XXE) injection vulnerability. | |||||
| CVE-2020-24000 | 1 Eyoucms | 1 Eyoucms | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection vulnerability in eyoucms cms v1.4.7, allows attackers to execute arbitrary code and disclose sensitive information, via the tid parameter to index.php. | |||||
| CVE-2021-46255 | 1 Eyoucms | 1 Eyoucms | 2024-02-04 | 5.5 MEDIUM | 8.1 HIGH |
| eyouCMS V1.5.5-UTF8-SP3_1 suffers from Arbitrary file deletion due to insufficient filtering of the parameter filename. | |||||
| CVE-2020-28146 | 1 Eyoucms | 1 Eyoucms | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross Site Scripting (XSS) vulnerability exists in Eyoucms v1.4.7 and earlier via the addonfieldext parameter. | |||||
| CVE-2021-39497 | 1 Eyoucms | 1 Eyoucms | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| eyoucms 1.5.4 lacks sanitization of input data, allowing an attacker to inject a url to trigger blind SSRF via the saveRemote() function. | |||||
| CVE-2021-39500 | 1 Eyoucms | 1 Eyoucms | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| Eyoucms 1.5.4 is vulnerable to Directory Traversal. Due to a lack of input data sanitizaton in param tpldir, filename, type, nid an attacker can inject "../" to escape and write file to writeable directories. | |||||
| CVE-2020-20642 | 1 Eyoucms | 1 Eyoucms | 2024-02-04 | 6.8 MEDIUM | 8.8 HIGH |
| Cross Site Request Forgery (CSRF) vulnerability exists in EyouCMS 1.3.6 that can add an htm page to execute the js code via login.php?m=admin&c=Filemanager&a=newfile&lang=cn. | |||||
| CVE-2021-39499 | 1 Eyoucms | 1 Eyoucms | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Cross-site scripting (XSS) vulnerability in Users in Qiong ICP EyouCMS 1.5.4 allows remote attackers to inject arbitrary web script or HTML via the `title` parameter in bind_email function. | |||||