Filtered by vendor Hyweb
Subscribe
Total
2 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-22849 | 1 Hyweb | 1 Hycms-j1 | 2024-11-21 | 3.5 LOW | 4.6 MEDIUM |
| Hyweb HyCMS-J1 backend editing function does not filter special characters. Users after log-in can inject JavaScript syntax to perform a stored XSS (Stored Cross-site scripting) attack. | |||||
| CVE-2021-22847 | 1 Hyweb | 1 Hycms-j1 | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Hyweb HyCMS-J1's API fail to filter POST request parameters. Remote attackers can inject SQL syntax and execute commands without privilege. | |||||