VYPR

Eyoucms

by Eyoucms

CVEs (77)

  • CVE-2023-2058Apr 14, 2023
    risk 0.00cvss epss 0.01

    A vulnerability was found in EyouCms up to 1.6.2. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /yxcms/index.php?r=admin/extendfield/mesedit&tabid=12&id=4 of the component HTTP POST Request Handler. The manipulation…

  • CVE-2023-2057Apr 14, 2023
    risk 0.00cvss epss 0.01

    A vulnerability was found in EyouCms 1.5.4. It has been classified as problematic. Affected is an unknown function of the file login.php?m=admin&c=Arctype&a=edit of the component New Picture Handler. The manipulation of the argument litpic_loca leads to cross site scripting. It…

  • CVE-2023-1799Apr 2, 2023
    risk 0.00cvss epss 0.01

    A vulnerability, which was classified as problematic, was found in EyouCMS up to 1.5.4. This affects an unknown part of the file login.php. The manipulation of the argument tag_tag leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has…

  • CVE-2023-1798Apr 2, 2023
    risk 0.00cvss epss 0.01

    A vulnerability, which was classified as problematic, has been found in EyouCMS up to 1.5.4. Affected by this issue is some unknown functionality of the file login.php. The manipulation of the argument typename leads to cross site scripting. The attack may be launched remotely.…

  • CVE-2022-45755Feb 8, 2023
    risk 0.00cvss epss 0.00

    Cross-site scripting (XSS) vulnerability in EyouCMS v1.6.0 allows attackers to execute arbitrary code via the home page description on the basic information page.

  • CVE-2022-45541Jan 20, 2023
    risk 0.00cvss epss 0.00

    EyouCMS <= 1.6.0 was discovered a reflected-XSS in the article attribute editor component in POST value "value" if the value contains a non-integer char.

  • CVE-2022-45542Jan 20, 2023
    risk 0.00cvss epss 0.00

    EyouCMS <= 1.6.0 was discovered a reflected-XSS in the FileManager component in GET parameter "filename" when editing any file.

  • CVE-2022-45537Jan 20, 2023
    risk 0.00cvss epss 0.00

    EyouCMS <= 1.6.0 was discovered a reflected-XSS in the article publish component in cookie "ENV_LIST_URL".

  • CVE-2022-45540Jan 20, 2023
    risk 0.00cvss epss 0.00

    EyouCMS <= 1.6.0 was discovered a reflected-XSS in article type editor component in POST value "name" if the value contains a malformed UTF-8 char.

  • CVE-2022-45539Jan 20, 2023
    risk 0.00cvss epss 0.00

    EyouCMS <= 1.6.0 was discovered a reflected-XSS in FileManager component in GET value "activepath" when creating a new file.

  • CVE-2022-45538Jan 20, 2023
    risk 0.00cvss epss 0.00

    EyouCMS <= 1.6.0 was discovered a reflected-XSS in the article publish component in cookie "ENV_GOBACK_URL".

  • CVE-2021-39428Dec 15, 2022
    risk 0.00cvss epss 0.01

    Cross Site Scripting (XSS) vulnerability in Users.php in eyoucms 1.5.4 allows remote attackers to run arbitrary code and gain escalated privilege via the filename for edit_users_head_pic.

  • CVE-2022-45280Nov 23, 2022
    risk 0.00cvss epss 0.00

    A cross-site scripting (XSS) vulnerability in the Url parameter in /login.php of EyouCMS v1.6.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.

  • CVE-2022-44387Nov 14, 2022
    risk 0.00cvss epss 0.00

    EyouCMS V1.5.9-UTF8-SP1 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Basic Information component under the Edit Member module.

  • CVE-2022-44390Nov 14, 2022
    risk 0.00cvss epss 0.00

    A cross-site scripting (XSS) vulnerability in EyouCMS V1.5.9-UTF8-SP1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Public Security Record Number text field.

  • CVE-2022-44389Nov 14, 2022
    risk 0.00cvss epss 0.00

    EyouCMS V1.5.9-UTF8-SP1 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Edit Admin Profile module. This vulnerability allows attackers to arbitrarily change Administrator account information.

  • CVE-2022-43323Nov 14, 2022
    risk 0.00cvss epss 0.00

    EyouCMS V1.5.9-UTF8-SP1 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Top Up Balance component under the Edit Member module.

  • CVE-2022-41500Oct 18, 2022
    risk 0.00cvss epss 0.00

    EyouCMS V1.5.9 was discovered to contain multiple Cross-Site Request Forgery (CSRF) vulnerabilities via the Members Center, Editorial Membership, and Points Recharge components.

  • CVE-2022-36225Aug 19, 2022
    risk 0.00cvss epss 0.00

    EyouCMS V1.5.8-UTF8-SP1 is vulnerable to Cross Site Request Forgery (CSRF) via the background, column management function and add.

  • CVE-2022-35509Aug 9, 2022
    risk 0.00cvss epss 0.00

    An issue was discovered in EyouCMS 1.5.8. There is a Storage XSS vulnerability that can allows an attacker to execute arbitrary Web scripts or HTML by injecting a special payload via the title parameter in the foreground contribution, allowing the attacker to obtain sensitive…