Eyoucms
by Eyoucms
CVEs (77)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-42286 | 0.00 | — | 0.01 | Mar 14, 2024 | There is a PHP file inclusion vulnerability in the template configuration of eyoucms v1.6.4, allowing attackers to execute code or system commands through a carefully crafted malicious payload. | |||
| CVE-2024-23033 | 0.00 | — | 0.00 | Feb 1, 2024 | Cross Site Scripting vulnerability in the path parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL. | |||
| CVE-2024-23032 | 0.00 | — | 0.00 | Feb 1, 2024 | Cross Site Scripting vulnerability in num parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL. | |||
| CVE-2024-23031 | 0.00 | — | 0.00 | Feb 1, 2024 | Cross Site Scripting (XSS) vulnerability in is_water parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL. | |||
| CVE-2024-23034 | 0.00 | — | 0.00 | Feb 1, 2024 | Cross Site Scripting vulnerability in the input parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL. | |||
| CVE-2023-50566 | 0.00 | — | 0.00 | Dec 14, 2023 | A stored cross-site scripting (XSS) vulnerability in EyouCMS-V1.6.5-UTF8-SP1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Public Security Registration Number parameter. | |||
| CVE-2023-48882 | 0.00 | — | 0.00 | Nov 29, 2023 | A stored cross-site scripting (XSS) vulnerability in EyouCMS v1.6.4-UTF8-SP1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Document Properties field at /login.php m=admin&c=Index&a=changeTableVal&_ajax=1&lang=cn. | |||
| CVE-2023-48880 | 0.00 | — | 0.00 | Nov 29, 2023 | A stored cross-site scripting (XSS) vulnerability in EyouCMS v1.6.4-UTF8-SP1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Menu Name field at /login.php?m=admin&c=Index&a=changeTableVal&_ajax=1&lang=cn. | |||
| CVE-2023-48881 | 0.00 | — | 0.00 | Nov 29, 2023 | A stored cross-site scripting (XSS) vulnerability in EyouCMS v1.6.4-UTF8-SP1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Field Title field at /login.php?m=admin&c=Field&a=arctype_add&_ajax=1&lang=cn. | |||
| CVE-2023-46935 | 0.00 | — | 0.00 | Nov 21, 2023 | eyoucms v1.6.4 is vulnerable Cross Site Scripting (XSS), which can lead to stealing sensitive information of logged-in users. | |||
| CVE-2023-37136 | 0.00 | — | 0.00 | Jul 6, 2023 | A stored cross-site scripting (XSS) vulnerability in the Basic Website Information module of eyoucms v1.6.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | |||
| CVE-2023-37133 | 0.00 | — | 0.00 | Jul 6, 2023 | A stored cross-site scripting (XSS) vulnerability in the Column management module of eyoucms v1.6.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | |||
| CVE-2023-37134 | 0.00 | — | 0.00 | Jul 6, 2023 | A stored cross-site scripting (XSS) vulnerability in the Basic Information module of eyoucms v1.6.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | |||
| CVE-2023-37132 | 0.00 | — | 0.00 | Jul 6, 2023 | A stored cross-site scripting (XSS) vulnerability in the custom variables module of eyoucms v1.6.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | |||
| CVE-2023-37135 | 0.00 | — | 0.00 | Jul 6, 2023 | A stored cross-site scripting (XSS) vulnerability in the Image Upload module of eyoucms v1.6.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | |||
| CVE-2023-36093 | 0.00 | — | 0.00 | Jun 22, 2023 | There is a storage type cross site scripting (XSS) vulnerability in the filing number of the Basic Information tab on the backend management page of EyouCMS v1.6.3 | |||
| CVE-2023-34657 | 0.00 | — | 0.00 | Jun 19, 2023 | A stored cross-site scripting (XSS) vulnerability in Eyoucms v1.6.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the web_recordnum parameter. | |||
| CVE-2023-33492 | 0.00 | — | 0.00 | Jun 12, 2023 | EyouCMS 1.6.2 is vulnerable to Cross Site Scripting (XSS). | |||
| CVE-2023-31708 | 0.00 | — | 0.00 | May 23, 2023 | A Cross-Site Request Forgery (CSRF) in EyouCMS v1.6.2 allows attackers to execute arbitrary commands via a supplying a crafted HTML file to the Upload software format function. | |||
| CVE-2023-30125 | 0.00 | — | 0.00 | Apr 28, 2023 | EyouCms V1.6.1-UTF8-sp1 is vulnerable to Cross Site Scripting (XSS). |
- CVE-2023-42286Mar 14, 2024risk 0.00cvss —epss 0.01
There is a PHP file inclusion vulnerability in the template configuration of eyoucms v1.6.4, allowing attackers to execute code or system commands through a carefully crafted malicious payload.
- CVE-2024-23033Feb 1, 2024risk 0.00cvss —epss 0.00
Cross Site Scripting vulnerability in the path parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL.
- CVE-2024-23032Feb 1, 2024risk 0.00cvss —epss 0.00
Cross Site Scripting vulnerability in num parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL.
- CVE-2024-23031Feb 1, 2024risk 0.00cvss —epss 0.00
Cross Site Scripting (XSS) vulnerability in is_water parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL.
- CVE-2024-23034Feb 1, 2024risk 0.00cvss —epss 0.00
Cross Site Scripting vulnerability in the input parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL.
- CVE-2023-50566Dec 14, 2023risk 0.00cvss —epss 0.00
A stored cross-site scripting (XSS) vulnerability in EyouCMS-V1.6.5-UTF8-SP1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Public Security Registration Number parameter.
- CVE-2023-48882Nov 29, 2023risk 0.00cvss —epss 0.00
A stored cross-site scripting (XSS) vulnerability in EyouCMS v1.6.4-UTF8-SP1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Document Properties field at /login.php m=admin&c=Index&a=changeTableVal&_ajax=1&lang=cn.
- CVE-2023-48880Nov 29, 2023risk 0.00cvss —epss 0.00
A stored cross-site scripting (XSS) vulnerability in EyouCMS v1.6.4-UTF8-SP1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Menu Name field at /login.php?m=admin&c=Index&a=changeTableVal&_ajax=1&lang=cn.
- CVE-2023-48881Nov 29, 2023risk 0.00cvss —epss 0.00
A stored cross-site scripting (XSS) vulnerability in EyouCMS v1.6.4-UTF8-SP1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Field Title field at /login.php?m=admin&c=Field&a=arctype_add&_ajax=1&lang=cn.
- CVE-2023-46935Nov 21, 2023risk 0.00cvss —epss 0.00
eyoucms v1.6.4 is vulnerable Cross Site Scripting (XSS), which can lead to stealing sensitive information of logged-in users.
- CVE-2023-37136Jul 6, 2023risk 0.00cvss —epss 0.00
A stored cross-site scripting (XSS) vulnerability in the Basic Website Information module of eyoucms v1.6.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
- CVE-2023-37133Jul 6, 2023risk 0.00cvss —epss 0.00
A stored cross-site scripting (XSS) vulnerability in the Column management module of eyoucms v1.6.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
- CVE-2023-37134Jul 6, 2023risk 0.00cvss —epss 0.00
A stored cross-site scripting (XSS) vulnerability in the Basic Information module of eyoucms v1.6.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
- CVE-2023-37132Jul 6, 2023risk 0.00cvss —epss 0.00
A stored cross-site scripting (XSS) vulnerability in the custom variables module of eyoucms v1.6.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
- CVE-2023-37135Jul 6, 2023risk 0.00cvss —epss 0.00
A stored cross-site scripting (XSS) vulnerability in the Image Upload module of eyoucms v1.6.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
- CVE-2023-36093Jun 22, 2023risk 0.00cvss —epss 0.00
There is a storage type cross site scripting (XSS) vulnerability in the filing number of the Basic Information tab on the backend management page of EyouCMS v1.6.3
- CVE-2023-34657Jun 19, 2023risk 0.00cvss —epss 0.00
A stored cross-site scripting (XSS) vulnerability in Eyoucms v1.6.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the web_recordnum parameter.
- CVE-2023-33492Jun 12, 2023risk 0.00cvss —epss 0.00
EyouCMS 1.6.2 is vulnerable to Cross Site Scripting (XSS).
- CVE-2023-31708May 23, 2023risk 0.00cvss —epss 0.00
A Cross-Site Request Forgery (CSRF) in EyouCMS v1.6.2 allows attackers to execute arbitrary commands via a supplying a crafted HTML file to the Upload software format function.
- CVE-2023-30125Apr 28, 2023risk 0.00cvss —epss 0.00
EyouCms V1.6.1-UTF8-sp1 is vulnerable to Cross Site Scripting (XSS).
Page 2 of 4