VYPR

Eyoucms

by Eyoucms

CVEs (77)

  • CVE-2023-42286Mar 14, 2024
    risk 0.00cvss epss 0.01

    There is a PHP file inclusion vulnerability in the template configuration of eyoucms v1.6.4, allowing attackers to execute code or system commands through a carefully crafted malicious payload.

  • CVE-2024-23033Feb 1, 2024
    risk 0.00cvss epss 0.00

    Cross Site Scripting vulnerability in the path parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL.

  • CVE-2024-23032Feb 1, 2024
    risk 0.00cvss epss 0.00

    Cross Site Scripting vulnerability in num parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL.

  • CVE-2024-23031Feb 1, 2024
    risk 0.00cvss epss 0.00

    Cross Site Scripting (XSS) vulnerability in is_water parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL.

  • CVE-2024-23034Feb 1, 2024
    risk 0.00cvss epss 0.00

    Cross Site Scripting vulnerability in the input parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL.

  • CVE-2023-50566Dec 14, 2023
    risk 0.00cvss epss 0.00

    A stored cross-site scripting (XSS) vulnerability in EyouCMS-V1.6.5-UTF8-SP1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Public Security Registration Number parameter.

  • CVE-2023-48882Nov 29, 2023
    risk 0.00cvss epss 0.00

    A stored cross-site scripting (XSS) vulnerability in EyouCMS v1.6.4-UTF8-SP1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Document Properties field at /login.php m=admin&c=Index&a=changeTableVal&_ajax=1&lang=cn.

  • CVE-2023-48880Nov 29, 2023
    risk 0.00cvss epss 0.00

    A stored cross-site scripting (XSS) vulnerability in EyouCMS v1.6.4-UTF8-SP1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Menu Name field at /login.php?m=admin&c=Index&a=changeTableVal&_ajax=1&lang=cn.

  • CVE-2023-48881Nov 29, 2023
    risk 0.00cvss epss 0.00

    A stored cross-site scripting (XSS) vulnerability in EyouCMS v1.6.4-UTF8-SP1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Field Title field at /login.php?m=admin&c=Field&a=arctype_add&_ajax=1&lang=cn.

  • CVE-2023-46935Nov 21, 2023
    risk 0.00cvss epss 0.00

    eyoucms v1.6.4 is vulnerable Cross Site Scripting (XSS), which can lead to stealing sensitive information of logged-in users.

  • CVE-2023-37136Jul 6, 2023
    risk 0.00cvss epss 0.00

    A stored cross-site scripting (XSS) vulnerability in the Basic Website Information module of eyoucms v1.6.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.

  • CVE-2023-37133Jul 6, 2023
    risk 0.00cvss epss 0.00

    A stored cross-site scripting (XSS) vulnerability in the Column management module of eyoucms v1.6.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.

  • CVE-2023-37134Jul 6, 2023
    risk 0.00cvss epss 0.00

    A stored cross-site scripting (XSS) vulnerability in the Basic Information module of eyoucms v1.6.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.

  • CVE-2023-37132Jul 6, 2023
    risk 0.00cvss epss 0.00

    A stored cross-site scripting (XSS) vulnerability in the custom variables module of eyoucms v1.6.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.

  • CVE-2023-37135Jul 6, 2023
    risk 0.00cvss epss 0.00

    A stored cross-site scripting (XSS) vulnerability in the Image Upload module of eyoucms v1.6.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.

  • CVE-2023-36093Jun 22, 2023
    risk 0.00cvss epss 0.00

    There is a storage type cross site scripting (XSS) vulnerability in the filing number of the Basic Information tab on the backend management page of EyouCMS v1.6.3

  • CVE-2023-34657Jun 19, 2023
    risk 0.00cvss epss 0.00

    A stored cross-site scripting (XSS) vulnerability in Eyoucms v1.6.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the web_recordnum parameter.

  • CVE-2023-33492Jun 12, 2023
    risk 0.00cvss epss 0.00

    EyouCMS 1.6.2 is vulnerable to Cross Site Scripting (XSS).

  • CVE-2023-31708May 23, 2023
    risk 0.00cvss epss 0.00

    A Cross-Site Request Forgery (CSRF) in EyouCMS v1.6.2 allows attackers to execute arbitrary commands via a supplying a crafted HTML file to the Upload software format function.

  • CVE-2023-30125Apr 28, 2023
    risk 0.00cvss epss 0.00

    EyouCms V1.6.1-UTF8-sp1 is vulnerable to Cross Site Scripting (XSS).