VYPR

Xyhcms3

by Gosea

Source repositories

CVEs (3)

  • CVE-2018-10127HigApr 16, 2018
    risk 0.57cvss 8.8epss 0.00

    An issue was discovered in XYHCMS 3.5. It has CSRF via an index.php?g=Manage&m=Rbac&a=addUser request, resulting in addition of an account with the administrator role.

  • CVE-2018-10128MedApr 16, 2018
    risk 0.40cvss 6.1epss 0.01

    An issue was discovered in XYHCMS 3.5. It has XSS via the test parameter to index.php.

  • CVE-2020-21656MedOct 6, 2021
    risk 0.35cvss 5.4epss 0.00

    XYHCMS v3.6 contains a stored cross-site scripting (XSS) vulnerability in the component xyhai.php?s=/Link/index.