Vendor CVEs
Eyoucms
All CVEs
77 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-7389 | Hig | 0.47 | 7.3 | 0.00 | Apr 29, 2026 | A security vulnerability has been detected in EyouCMS up to 1.7.9. The affected element is the function GetSortData of the file application/common.php. The manipulation of the argument sort_asc leads to sql injection. The attack may be initiated remotely. The exploit has been… | ||
| CVE-2026-1107 | Med | 0.41 | 6.3 | 0.00 | Jan 18, 2026 | A weakness has been identified in EyouCMS up to 1.7.1/5.0. Impacted is the function check_userinfo of the file Diyajax.php of the component Member Avatar Handler. Executing a manipulation of the argument viewfile can lead to unrestricted upload. The attack may be performed from… | ||
| CVE-2025-15375 | Med | 0.41 | 6.3 | 0.00 | Dec 31, 2025 | A flaw has been found in EyouCMS up to 1.7.7. The impacted element is the function unserialize of the file application/api/controller/Ajax.php of the component arcpagelist Handler. Executing a manipulation of the argument attstr can lead to deserialization. The attack can be… | ||
| CVE-2025-15373 | Med | 0.41 | 6.3 | 0.00 | Dec 31, 2025 | A security vulnerability has been detected in EyouCMS up to 1.7.7. Impacted is the function saveRemote of the file application/function.php. Such manipulation leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed… | ||
| CVE-2026-7388 | Med | 0.31 | 4.7 | 0.00 | Apr 29, 2026 | A weakness has been identified in EyouCMS up to 1.7.9. Impacted is the function editFile of the file application/admin/logic/FilemanagerLogic.php of the component Template File Handler. Executing a manipulation can lead to code injection. The attack can be launched remotely. The… | ||
| CVE-2026-6561 | Med | 0.31 | 4.7 | 0.00 | Apr 19, 2026 | A vulnerability was detected in EyouCMS up to 1.7.1. This issue affects the function edit_adminlogo of the file application/admin/controller/Index.php. Performing a manipulation of the argument filename results in unrestricted upload. The attack is possible to be carried out… | ||
| CVE-2025-15143 | Med | 0.31 | 4.7 | 0.00 | Dec 28, 2025 | A security flaw has been discovered in EyouCMS up to 1.7.6. The affected element is an unknown function of the file /application/admin/logic/FilemanagerLogic.php of the component Backend Template Management. The manipulation of the argument content results in sql injection. It… | ||
| CVE-2025-15374 | Low | 0.23 | 3.5 | 0.00 | Dec 31, 2025 | A vulnerability was detected in EyouCMS up to 1.7.7. The affected element is an unknown function of the file application/home/model/Ask.php of the component Ask Module. Performing a manipulation of the argument content results in cross site scripting. The attack can be initiated… | ||
| CVE-2023-37645 | 0.04 | — | 0.24 | Jul 20, 2023 | eyoucms v1.6.3 was discovered to contain an information disclosure vulnerability via the component /custom_model_path/recruit.filelist.txt. | |||
| CVE-2021-39501 | 0.03 | — | 0.03 | Sep 7, 2021 | EyouCMS 1.5.4 is vulnerable to Open Redirect. An attacker can redirect a user to a malicious url via the Logout function. | |||
| CVE-2024-22927 | 0.01 | — | 0.01 | Feb 1, 2024 | Cross Site Scripting (XSS) vulnerability in the func parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL. | |||
| CVE-2023-41597 | 0.01 | — | 0.01 | Nov 15, 2023 | EyouCms v1.6.2 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /admin/twitter.php?active_t. | |||
| CVE-2025-65868 | 0.00 | — | 0.00 | Dec 3, 2025 | XML external entity (XXE) injection in eyoucms v1.7.1 allows remote attackers to cause a denial of service via crafted body of a POST request. | |||
| CVE-2025-52335 | 0.00 | — | 0.00 | Aug 14, 2025 | EyouCMS 1.7.3 is vulnerale to Cross Site Scripting (XSS) in index.php, which can be exploited to obtain sensitive information. | |||
| CVE-2024-52680 | 0.00 | — | 0.00 | Aug 7, 2025 | EyouCMS 1.6.7 is vulnerable to Cross Site Scripting (XSS) in /login.php?m=admin&c=System&a=web&lang=cn. | |||
| CVE-2024-11211 | 0.00 | — | 0.01 | Nov 14, 2024 | A vulnerability classified as critical has been found in EyouCMS up to 1.6.7. Affected is an unknown function of the component Website Logo Handler. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the… | |||
| CVE-2024-11210 | 0.00 | — | 0.01 | Nov 14, 2024 | A vulnerability was found in EyouCMS 1.51. It has been rated as critical. This issue affects the function editFile of the file application/admin/logic/FilemanagerLogic.php. The manipulation of the argument activepath leads to path traversal. The attack may be initiated remotely.… | |||
| CVE-2024-48196 | 0.00 | — | 0.01 | Oct 28, 2024 | An issue in eyouCMS v.1.6.7 allows a remote attacker to obtain sensitive information via a crafted script to the post parameter. | |||
| CVE-2024-48195 | 0.00 | — | 0.00 | Oct 28, 2024 | Cross Site Scripting vulnerability in eyouCMS v.1.6.7 allows a remote attacker to obtain sensitive information via a crafted script to the post parameter. | |||
| CVE-2024-3431 | 0.00 | — | 0.01 | Apr 7, 2024 | A vulnerability was found in EyouCMS 1.6.5. It has been declared as critical. This vulnerability affects unknown code of the file /login.php?m=admin&c=Field&a=channel_edit of the component Backend. The manipulation of the argument channel_id leads to deserialization. The attack… | |||
| CVE-2023-42286 | 0.00 | — | 0.01 | Mar 14, 2024 | There is a PHP file inclusion vulnerability in the template configuration of eyoucms v1.6.4, allowing attackers to execute code or system commands through a carefully crafted malicious payload. | |||
| CVE-2024-23033 | 0.00 | — | 0.00 | Feb 1, 2024 | Cross Site Scripting vulnerability in the path parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL. | |||
| CVE-2024-23032 | 0.00 | — | 0.00 | Feb 1, 2024 | Cross Site Scripting vulnerability in num parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL. | |||
| CVE-2024-23031 | 0.00 | — | 0.00 | Feb 1, 2024 | Cross Site Scripting (XSS) vulnerability in is_water parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL. | |||
| CVE-2024-23034 | 0.00 | — | 0.00 | Feb 1, 2024 | Cross Site Scripting vulnerability in the input parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL. | |||
| CVE-2023-50566 | 0.00 | — | 0.00 | Dec 14, 2023 | A stored cross-site scripting (XSS) vulnerability in EyouCMS-V1.6.5-UTF8-SP1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Public Security Registration Number parameter. | |||
| CVE-2023-48882 | 0.00 | — | 0.00 | Nov 29, 2023 | A stored cross-site scripting (XSS) vulnerability in EyouCMS v1.6.4-UTF8-SP1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Document Properties field at /login.php m=admin&c=Index&a=changeTableVal&_ajax=1&lang=cn. | |||
| CVE-2023-48880 | 0.00 | — | 0.00 | Nov 29, 2023 | A stored cross-site scripting (XSS) vulnerability in EyouCMS v1.6.4-UTF8-SP1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Menu Name field at /login.php?m=admin&c=Index&a=changeTableVal&_ajax=1&lang=cn. | |||
| CVE-2023-48881 | 0.00 | — | 0.00 | Nov 29, 2023 | A stored cross-site scripting (XSS) vulnerability in EyouCMS v1.6.4-UTF8-SP1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Field Title field at /login.php?m=admin&c=Field&a=arctype_add&_ajax=1&lang=cn. | |||
| CVE-2023-46935 | 0.00 | — | 0.00 | Nov 21, 2023 | eyoucms v1.6.4 is vulnerable Cross Site Scripting (XSS), which can lead to stealing sensitive information of logged-in users. | |||
| CVE-2023-37136 | 0.00 | — | 0.00 | Jul 6, 2023 | A stored cross-site scripting (XSS) vulnerability in the Basic Website Information module of eyoucms v1.6.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | |||
| CVE-2023-37133 | 0.00 | — | 0.00 | Jul 6, 2023 | A stored cross-site scripting (XSS) vulnerability in the Column management module of eyoucms v1.6.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | |||
| CVE-2023-37134 | 0.00 | — | 0.00 | Jul 6, 2023 | A stored cross-site scripting (XSS) vulnerability in the Basic Information module of eyoucms v1.6.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | |||
| CVE-2023-37132 | 0.00 | — | 0.00 | Jul 6, 2023 | A stored cross-site scripting (XSS) vulnerability in the custom variables module of eyoucms v1.6.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | |||
| CVE-2023-37135 | 0.00 | — | 0.00 | Jul 6, 2023 | A stored cross-site scripting (XSS) vulnerability in the Image Upload module of eyoucms v1.6.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | |||
| CVE-2023-36093 | 0.00 | — | 0.00 | Jun 22, 2023 | There is a storage type cross site scripting (XSS) vulnerability in the filing number of the Basic Information tab on the backend management page of EyouCMS v1.6.3 | |||
| CVE-2023-34657 | 0.00 | — | 0.00 | Jun 19, 2023 | A stored cross-site scripting (XSS) vulnerability in Eyoucms v1.6.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the web_recordnum parameter. | |||
| CVE-2023-33492 | 0.00 | — | 0.00 | Jun 12, 2023 | EyouCMS 1.6.2 is vulnerable to Cross Site Scripting (XSS). | |||
| CVE-2023-31708 | 0.00 | — | 0.00 | May 23, 2023 | A Cross-Site Request Forgery (CSRF) in EyouCMS v1.6.2 allows attackers to execute arbitrary commands via a supplying a crafted HTML file to the Upload software format function. | |||
| CVE-2023-30125 | 0.00 | — | 0.00 | Apr 28, 2023 | EyouCms V1.6.1-UTF8-sp1 is vulnerable to Cross Site Scripting (XSS). | |||
| CVE-2023-2058 | 0.00 | — | 0.01 | Apr 14, 2023 | A vulnerability was found in EyouCms up to 1.6.2. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /yxcms/index.php?r=admin/extendfield/mesedit&tabid=12&id=4 of the component HTTP POST Request Handler. The manipulation… | |||
| CVE-2023-2057 | 0.00 | — | 0.01 | Apr 14, 2023 | A vulnerability was found in EyouCms 1.5.4. It has been classified as problematic. Affected is an unknown function of the file login.php?m=admin&c=Arctype&a=edit of the component New Picture Handler. The manipulation of the argument litpic_loca leads to cross site scripting. It… | |||
| CVE-2023-1799 | 0.00 | — | 0.01 | Apr 2, 2023 | A vulnerability, which was classified as problematic, was found in EyouCMS up to 1.5.4. This affects an unknown part of the file login.php. The manipulation of the argument tag_tag leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has… | |||
| CVE-2023-1798 | 0.00 | — | 0.01 | Apr 2, 2023 | A vulnerability, which was classified as problematic, has been found in EyouCMS up to 1.5.4. Affected by this issue is some unknown functionality of the file login.php. The manipulation of the argument typename leads to cross site scripting. The attack may be launched remotely.… | |||
| CVE-2022-45755 | 0.00 | — | 0.00 | Feb 8, 2023 | Cross-site scripting (XSS) vulnerability in EyouCMS v1.6.0 allows attackers to execute arbitrary code via the home page description on the basic information page. | |||
| CVE-2022-45541 | 0.00 | — | 0.00 | Jan 20, 2023 | EyouCMS <= 1.6.0 was discovered a reflected-XSS in the article attribute editor component in POST value "value" if the value contains a non-integer char. | |||
| CVE-2022-45542 | 0.00 | — | 0.00 | Jan 20, 2023 | EyouCMS <= 1.6.0 was discovered a reflected-XSS in the FileManager component in GET parameter "filename" when editing any file. | |||
| CVE-2022-45537 | 0.00 | — | 0.00 | Jan 20, 2023 | EyouCMS <= 1.6.0 was discovered a reflected-XSS in the article publish component in cookie "ENV_LIST_URL". | |||
| CVE-2022-45540 | 0.00 | — | 0.00 | Jan 20, 2023 | EyouCMS <= 1.6.0 was discovered a reflected-XSS in article type editor component in POST value "name" if the value contains a malformed UTF-8 char. | |||
| CVE-2022-45539 | 0.00 | — | 0.00 | Jan 20, 2023 | EyouCMS <= 1.6.0 was discovered a reflected-XSS in FileManager component in GET value "activepath" when creating a new file. |
- risk 0.47cvss 7.3epss 0.00
A security vulnerability has been detected in EyouCMS up to 1.7.9. The affected element is the function GetSortData of the file application/common.php. The manipulation of the argument sort_asc leads to sql injection. The attack may be initiated remotely. The exploit has been…
- risk 0.41cvss 6.3epss 0.00
A weakness has been identified in EyouCMS up to 1.7.1/5.0. Impacted is the function check_userinfo of the file Diyajax.php of the component Member Avatar Handler. Executing a manipulation of the argument viewfile can lead to unrestricted upload. The attack may be performed from…
- risk 0.41cvss 6.3epss 0.00
A flaw has been found in EyouCMS up to 1.7.7. The impacted element is the function unserialize of the file application/api/controller/Ajax.php of the component arcpagelist Handler. Executing a manipulation of the argument attstr can lead to deserialization. The attack can be…
- risk 0.41cvss 6.3epss 0.00
A security vulnerability has been detected in EyouCMS up to 1.7.7. Impacted is the function saveRemote of the file application/function.php. Such manipulation leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed…
- risk 0.31cvss 4.7epss 0.00
A weakness has been identified in EyouCMS up to 1.7.9. Impacted is the function editFile of the file application/admin/logic/FilemanagerLogic.php of the component Template File Handler. Executing a manipulation can lead to code injection. The attack can be launched remotely. The…
- risk 0.31cvss 4.7epss 0.00
A vulnerability was detected in EyouCMS up to 1.7.1. This issue affects the function edit_adminlogo of the file application/admin/controller/Index.php. Performing a manipulation of the argument filename results in unrestricted upload. The attack is possible to be carried out…
- risk 0.31cvss 4.7epss 0.00
A security flaw has been discovered in EyouCMS up to 1.7.6. The affected element is an unknown function of the file /application/admin/logic/FilemanagerLogic.php of the component Backend Template Management. The manipulation of the argument content results in sql injection. It…
- risk 0.23cvss 3.5epss 0.00
A vulnerability was detected in EyouCMS up to 1.7.7. The affected element is an unknown function of the file application/home/model/Ask.php of the component Ask Module. Performing a manipulation of the argument content results in cross site scripting. The attack can be initiated…
- CVE-2023-37645Jul 20, 2023risk 0.04cvss —epss 0.24
eyoucms v1.6.3 was discovered to contain an information disclosure vulnerability via the component /custom_model_path/recruit.filelist.txt.
- CVE-2021-39501Sep 7, 2021risk 0.03cvss —epss 0.03
EyouCMS 1.5.4 is vulnerable to Open Redirect. An attacker can redirect a user to a malicious url via the Logout function.
- CVE-2024-22927Feb 1, 2024risk 0.01cvss —epss 0.01
Cross Site Scripting (XSS) vulnerability in the func parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL.
- CVE-2023-41597Nov 15, 2023risk 0.01cvss —epss 0.01
EyouCms v1.6.2 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /admin/twitter.php?active_t.
- CVE-2025-65868Dec 3, 2025risk 0.00cvss —epss 0.00
XML external entity (XXE) injection in eyoucms v1.7.1 allows remote attackers to cause a denial of service via crafted body of a POST request.
- CVE-2025-52335Aug 14, 2025risk 0.00cvss —epss 0.00
EyouCMS 1.7.3 is vulnerale to Cross Site Scripting (XSS) in index.php, which can be exploited to obtain sensitive information.
- CVE-2024-52680Aug 7, 2025risk 0.00cvss —epss 0.00
EyouCMS 1.6.7 is vulnerable to Cross Site Scripting (XSS) in /login.php?m=admin&c=System&a=web&lang=cn.
- CVE-2024-11211Nov 14, 2024risk 0.00cvss —epss 0.01
A vulnerability classified as critical has been found in EyouCMS up to 1.6.7. Affected is an unknown function of the component Website Logo Handler. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the…
- CVE-2024-11210Nov 14, 2024risk 0.00cvss —epss 0.01
A vulnerability was found in EyouCMS 1.51. It has been rated as critical. This issue affects the function editFile of the file application/admin/logic/FilemanagerLogic.php. The manipulation of the argument activepath leads to path traversal. The attack may be initiated remotely.…
- CVE-2024-48196Oct 28, 2024risk 0.00cvss —epss 0.01
An issue in eyouCMS v.1.6.7 allows a remote attacker to obtain sensitive information via a crafted script to the post parameter.
- CVE-2024-48195Oct 28, 2024risk 0.00cvss —epss 0.00
Cross Site Scripting vulnerability in eyouCMS v.1.6.7 allows a remote attacker to obtain sensitive information via a crafted script to the post parameter.
- CVE-2024-3431Apr 7, 2024risk 0.00cvss —epss 0.01
A vulnerability was found in EyouCMS 1.6.5. It has been declared as critical. This vulnerability affects unknown code of the file /login.php?m=admin&c=Field&a=channel_edit of the component Backend. The manipulation of the argument channel_id leads to deserialization. The attack…
- CVE-2023-42286Mar 14, 2024risk 0.00cvss —epss 0.01
There is a PHP file inclusion vulnerability in the template configuration of eyoucms v1.6.4, allowing attackers to execute code or system commands through a carefully crafted malicious payload.
- CVE-2024-23033Feb 1, 2024risk 0.00cvss —epss 0.00
Cross Site Scripting vulnerability in the path parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL.
- CVE-2024-23032Feb 1, 2024risk 0.00cvss —epss 0.00
Cross Site Scripting vulnerability in num parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL.
- CVE-2024-23031Feb 1, 2024risk 0.00cvss —epss 0.00
Cross Site Scripting (XSS) vulnerability in is_water parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL.
- CVE-2024-23034Feb 1, 2024risk 0.00cvss —epss 0.00
Cross Site Scripting vulnerability in the input parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL.
- CVE-2023-50566Dec 14, 2023risk 0.00cvss —epss 0.00
A stored cross-site scripting (XSS) vulnerability in EyouCMS-V1.6.5-UTF8-SP1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Public Security Registration Number parameter.
- CVE-2023-48882Nov 29, 2023risk 0.00cvss —epss 0.00
A stored cross-site scripting (XSS) vulnerability in EyouCMS v1.6.4-UTF8-SP1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Document Properties field at /login.php m=admin&c=Index&a=changeTableVal&_ajax=1&lang=cn.
- CVE-2023-48880Nov 29, 2023risk 0.00cvss —epss 0.00
A stored cross-site scripting (XSS) vulnerability in EyouCMS v1.6.4-UTF8-SP1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Menu Name field at /login.php?m=admin&c=Index&a=changeTableVal&_ajax=1&lang=cn.
- CVE-2023-48881Nov 29, 2023risk 0.00cvss —epss 0.00
A stored cross-site scripting (XSS) vulnerability in EyouCMS v1.6.4-UTF8-SP1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Field Title field at /login.php?m=admin&c=Field&a=arctype_add&_ajax=1&lang=cn.
- CVE-2023-46935Nov 21, 2023risk 0.00cvss —epss 0.00
eyoucms v1.6.4 is vulnerable Cross Site Scripting (XSS), which can lead to stealing sensitive information of logged-in users.
- CVE-2023-37136Jul 6, 2023risk 0.00cvss —epss 0.00
A stored cross-site scripting (XSS) vulnerability in the Basic Website Information module of eyoucms v1.6.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
- CVE-2023-37133Jul 6, 2023risk 0.00cvss —epss 0.00
A stored cross-site scripting (XSS) vulnerability in the Column management module of eyoucms v1.6.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
- CVE-2023-37134Jul 6, 2023risk 0.00cvss —epss 0.00
A stored cross-site scripting (XSS) vulnerability in the Basic Information module of eyoucms v1.6.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
- CVE-2023-37132Jul 6, 2023risk 0.00cvss —epss 0.00
A stored cross-site scripting (XSS) vulnerability in the custom variables module of eyoucms v1.6.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
- CVE-2023-37135Jul 6, 2023risk 0.00cvss —epss 0.00
A stored cross-site scripting (XSS) vulnerability in the Image Upload module of eyoucms v1.6.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
- CVE-2023-36093Jun 22, 2023risk 0.00cvss —epss 0.00
There is a storage type cross site scripting (XSS) vulnerability in the filing number of the Basic Information tab on the backend management page of EyouCMS v1.6.3
- CVE-2023-34657Jun 19, 2023risk 0.00cvss —epss 0.00
A stored cross-site scripting (XSS) vulnerability in Eyoucms v1.6.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the web_recordnum parameter.
- CVE-2023-33492Jun 12, 2023risk 0.00cvss —epss 0.00
EyouCMS 1.6.2 is vulnerable to Cross Site Scripting (XSS).
- CVE-2023-31708May 23, 2023risk 0.00cvss —epss 0.00
A Cross-Site Request Forgery (CSRF) in EyouCMS v1.6.2 allows attackers to execute arbitrary commands via a supplying a crafted HTML file to the Upload software format function.
- CVE-2023-30125Apr 28, 2023risk 0.00cvss —epss 0.00
EyouCms V1.6.1-UTF8-sp1 is vulnerable to Cross Site Scripting (XSS).
- CVE-2023-2058Apr 14, 2023risk 0.00cvss —epss 0.01
A vulnerability was found in EyouCms up to 1.6.2. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /yxcms/index.php?r=admin/extendfield/mesedit&tabid=12&id=4 of the component HTTP POST Request Handler. The manipulation…
- CVE-2023-2057Apr 14, 2023risk 0.00cvss —epss 0.01
A vulnerability was found in EyouCms 1.5.4. It has been classified as problematic. Affected is an unknown function of the file login.php?m=admin&c=Arctype&a=edit of the component New Picture Handler. The manipulation of the argument litpic_loca leads to cross site scripting. It…
- CVE-2023-1799Apr 2, 2023risk 0.00cvss —epss 0.01
A vulnerability, which was classified as problematic, was found in EyouCMS up to 1.5.4. This affects an unknown part of the file login.php. The manipulation of the argument tag_tag leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has…
- CVE-2023-1798Apr 2, 2023risk 0.00cvss —epss 0.01
A vulnerability, which was classified as problematic, has been found in EyouCMS up to 1.5.4. Affected by this issue is some unknown functionality of the file login.php. The manipulation of the argument typename leads to cross site scripting. The attack may be launched remotely.…
- CVE-2022-45755Feb 8, 2023risk 0.00cvss —epss 0.00
Cross-site scripting (XSS) vulnerability in EyouCMS v1.6.0 allows attackers to execute arbitrary code via the home page description on the basic information page.
- CVE-2022-45541Jan 20, 2023risk 0.00cvss —epss 0.00
EyouCMS <= 1.6.0 was discovered a reflected-XSS in the article attribute editor component in POST value "value" if the value contains a non-integer char.
- CVE-2022-45542Jan 20, 2023risk 0.00cvss —epss 0.00
EyouCMS <= 1.6.0 was discovered a reflected-XSS in the FileManager component in GET parameter "filename" when editing any file.
- CVE-2022-45537Jan 20, 2023risk 0.00cvss —epss 0.00
EyouCMS <= 1.6.0 was discovered a reflected-XSS in the article publish component in cookie "ENV_LIST_URL".
- CVE-2022-45540Jan 20, 2023risk 0.00cvss —epss 0.00
EyouCMS <= 1.6.0 was discovered a reflected-XSS in article type editor component in POST value "name" if the value contains a malformed UTF-8 char.
- CVE-2022-45539Jan 20, 2023risk 0.00cvss —epss 0.00
EyouCMS <= 1.6.0 was discovered a reflected-XSS in FileManager component in GET value "activepath" when creating a new file.
Page 1 of 2