Vulnerabilities (CVE)

Filtered by vendor Yzncms Subscribe
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-42939 1 Yzncms 1 Yzncms 2024-08-31 N/A 5.4 MEDIUM
A cross-site scripting (XSS) vulnerability in the component /index/index.html of YZNCMS v1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the configured remarks text field.
CVE-2023-37131 1 Yzncms 1 Yzncms 2024-02-04 N/A 6.5 MEDIUM
A Cross-Site Request Forgery (CSRF) in the component /public/admin/profile/update.html of YznCMS v1.1.0 allows attackers to arbitrarily change the Administrator password via a crafted POST request.