Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Eyoucms Subscribe
Filtered by product Eyoucms
Total 53 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-39501 1 Eyoucms 1 Eyoucms 2024-02-04 5.8 MEDIUM 6.1 MEDIUM
EyouCMS 1.5.4 is vulnerable to Open Redirect. An attacker can redirect a user to a malicious url via the Logout function.
CVE-2020-19669 1 Eyoucms 1 Eyoucms 2024-02-04 6.8 MEDIUM 8.8 HIGH
Cross Site Request Forgery (CSRF) vulnerability exists in Eyoucms 1.3.6 that can add an admin account via /login.php?m=admin&c=Admin&a=admin_add&lang=cn.
CVE-2020-20645 1 Eyoucms 1 Eyoucms 2024-02-04 3.5 LOW 5.4 MEDIUM
Cross Site Scripting (XSS) vulnerability exists in EyouCMS1.3.6 in the basic_information area.
CVE-2020-21929 1 Eyoucms 1 Eyoucms 2024-02-04 3.5 LOW 5.4 MEDIUM
A stored cross site scripting (XSS) vulnerability in the web_copyright field of Eyoucms v1.4.1 allows authenticated attackers to execute arbitrary web scripts or HTML.
CVE-2021-39496 1 Eyoucms 1 Eyoucms 2024-02-04 3.5 LOW 5.4 MEDIUM
Eyoucms 1.5.4 lacks sanitization of input data, allowing an attacker to inject malicious code into `filename` param to trigger Reflected XSS.
CVE-2020-21930 1 Eyoucms 1 Eyoucms 2024-02-04 3.5 LOW 5.4 MEDIUM
A stored cross site scripting (XSS) vulnerability in the web_attr_2 field of Eyoucms v1.4.1 allows authenticated attackers to execute arbitrary web scripts or HTML.
CVE-2020-18129 1 Eyoucms 1 Eyoucms 2024-02-04 6.8 MEDIUM 8.8 HIGH
A CSRF vulnerability in Eyoucms v1.2.7 allows an attacker to add an admin account via login.php.
CVE-2019-17430 1 Eyoucms 1 Eyoucms 2024-02-04 4.3 MEDIUM 6.1 MEDIUM
EyouCms through 2019-07-11 has XSS related to the login.php web_recordnum parameter.
CVE-2024-23034 1 Eyoucms 1 Eyoucms 2024-02-02 N/A 6.1 MEDIUM
Cross Site Scripting vulnerability in the input parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL.
CVE-2024-23033 1 Eyoucms 1 Eyoucms 2024-02-02 N/A 6.1 MEDIUM
Cross Site Scripting vulnerability in the path parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL.
CVE-2024-23032 1 Eyoucms 1 Eyoucms 2024-02-02 N/A 6.1 MEDIUM
Cross Site Scripting vulnerability in num parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL.
CVE-2024-23031 1 Eyoucms 1 Eyoucms 2024-02-02 N/A 6.1 MEDIUM
Cross Site Scripting (XSS) vulnerability in is_water parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL.
CVE-2024-22927 1 Eyoucms 1 Eyoucms 2024-02-02 N/A 6.1 MEDIUM
Cross Site Scripting (XSS) vulnerability in the func parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL.