Eyoucms

All CVEs

77 total · sorted by risk
  • CVE-2022-45538 · Jan 20, 2023
    risk 0.00 · cvss · epss 0.00

    EyouCMS <= 1.6.0 was discovered to contain a reflected XSS vulnerability in the article publish component in the cookie "ENV_GOBACK_URL".

  • CVE-2021-39428 · Dec 15, 2022
    risk 0.00 · cvss · epss 0.01

    Cross Site Scripting (XSS) vulnerability in Users.php in eyoucms 1.5.4 allows remote attackers to run arbitrary code and gain escalated privilege via the filename for edit_users_head_pic.

  • CVE-2022-45280 · Nov 23, 2022
    risk 0.00 · cvss · epss 0.00

    A cross-site scripting (XSS) vulnerability in the Url parameter in /login.php of EyouCMS v1.6.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.

  • CVE-2022-44387 · Nov 14, 2022
    risk 0.00 · cvss · epss 0.00

    EyouCMS V1.5.9-UTF8-SP1 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Basic Information component under the Edit Member module.

  • CVE-2022-44390 · Nov 14, 2022
    risk 0.00 · cvss · epss 0.00

    A cross-site scripting (XSS) vulnerability in EyouCMS V1.5.9-UTF8-SP1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Public Security Record Number text field.

  • CVE-2022-44389 · Nov 14, 2022
    risk 0.00 · cvss · epss 0.00

    EyouCMS V1.5.9-UTF8-SP1 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Edit Admin Profile module. This vulnerability allows attackers to arbitrarily change Administrator account information.

  • CVE-2022-43323 · Nov 14, 2022
    risk 0.00 · cvss · epss 0.00

    EyouCMS V1.5.9-UTF8-SP1 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Top Up Balance component under the Edit Member module.

  • CVE-2022-41500 · Oct 18, 2022
    risk 0.00 · cvss · epss 0.00

    EyouCMS V1.5.9 was discovered to contain multiple Cross-Site Request Forgery (CSRF) vulnerabilities via the Members Center, Editorial Membership, and Points Recharge components.

  • CVE-2022-36225 · Aug 19, 2022
    risk 0.00 · cvss · epss 0.00

    EyouCMS V1.5.8-UTF8-SP1 is vulnerable to Cross Site Request Forgery (CSRF) via the background, column management function and add.

  • CVE-2022-35509 · Aug 9, 2022
    risk 0.00 · cvss · epss 0.00

    An issue was discovered in EyouCMS 1.5.8. There is a stored XSS vulnerability that allows an attacker to execute arbitrary web scripts or HTML by injecting a special payload via the title parameter in the foreground contribution, allowing the attacker to obtain sensitive…

  • CVE-2022-33122 · Jun 24, 2022
    risk 0.00 · cvss · epss 0.00

    A stored cross-site scripting (XSS) vulnerability in eyoucms v1.5.6 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the URL field under the login page.

  • CVE-2022-26273 · Mar 28, 2022
    risk 0.00 · cvss · epss 0.01

    EyouCMS v1.5.4 was discovered to lack parameter filtering in \user\controller\shop.php, leading to payment logic vulnerabilities.

  • CVE-2022-26279 · Mar 24, 2022
    risk 0.00 · cvss · epss 0.02

    EyouCMS v1.5.5 was discovered to have no access control in the component /data/sqldata.

  • CVE-2021-42194 · Mar 20, 2022
    risk 0.00 · cvss · epss 0.01

    The wechat_return function in /controller/Index.php of EyouCms V1.5.4-UTF8-SP3 passes the user's input directly into the simplexml_load_string function, which itself does not prohibit external entities, triggering an XML external entity (XXE) injection vulnerability.

  • CVE-2021-46255 · Jan 14, 2022
    risk 0.00 · cvss · epss 0.01

    eyouCMS V1.5.5-UTF8-SP3_1 suffers from Arbitrary file deletion due to insufficient filtering of the parameter filename.

  • CVE-2020-24000 · Nov 3, 2021
    risk 0.00 · cvss · epss 0.02

    SQL injection vulnerability in eyoucms cms v1.4.7 allows attackers to execute arbitrary code and disclose sensitive information via the tid parameter to index.php.

  • CVE-2021-39500 · Sep 7, 2021
    risk 0.00 · cvss · epss 0.01

    Eyoucms 1.5.4 is vulnerable to Directory Traversal. Due to a lack of input data sanitization in the parameters tpldir, filename, type and nid, an attacker can inject "../" to escape and write files to writable directories.

  • CVE-2021-39499 · Sep 7, 2021
    risk 0.00 · cvss · epss 0.01

    A Cross-site scripting (XSS) vulnerability in Users in Qiong ICP EyouCMS 1.5.4 allows remote attackers to inject arbitrary web script or HTML via the `title` parameter in bind_email function.

  • CVE-2021-39497 · Sep 7, 2021
    risk 0.00 · cvss · epss 0.02

    eyoucms 1.5.4 lacks sanitization of input data, allowing an attacker to inject a url to trigger blind SSRF via the saveRemote() function.

  • CVE-2021-39496 · Sep 7, 2021
    risk 0.00 · cvss · epss 0.01

    Eyoucms 1.5.4 lacks sanitization of input data, allowing an attacker to inject malicious code into `filename` param to trigger Reflected XSS.

  • CVE-2020-20645 · Aug 19, 2021
    risk 0.00 · cvss · epss 0.01

    Cross Site Scripting (XSS) vulnerability exists in EyouCMS 1.3.6 in the basic_information area.

  • CVE-2020-19669 · Aug 18, 2021
    risk 0.00 · cvss · epss 0.01

    Cross Site Request Forgery (CSRF) vulnerability exists in Eyoucms 1.3.6 that can add an admin account via /login.php?m=admin&c=Admin&a=admin_add&lang=cn.

  • CVE-2020-28146 · Aug 18, 2021
    risk 0.00 · cvss · epss 0.01

    Cross Site Scripting (XSS) vulnerability exists in Eyoucms v1.4.7 and earlier via the addonfieldext parameter.

  • CVE-2020-21930 · Aug 10, 2021
    risk 0.00 · cvss · epss 0.01

    A stored cross site scripting (XSS) vulnerability in the web_attr_2 field of Eyoucms v1.4.1 allows authenticated attackers to execute arbitrary web scripts or HTML.

  • CVE-2020-21929 · Aug 10, 2021
    risk 0.00 · cvss · epss 0.01

    A stored cross site scripting (XSS) vulnerability in the web_copyright field of Eyoucms v1.4.1 allows authenticated attackers to execute arbitrary web scripts or HTML.

  • CVE-2020-18129 · Oct 22, 2020
    risk 0.00 · cvss · epss 0.01

    A CSRF vulnerability in Eyoucms v1.2.7 allows an attacker to add an admin account via login.php.

  • CVE-2019-17430 · Oct 10, 2019
    risk 0.00 · cvss · epss 0.01

    EyouCms through 2019-07-11 has XSS related to the login.php web_recordnum parameter.
