VYPR
Vendor

Hyweb

Products
1
CVEs
2
Across products
2
Status
Private

Products

1

Recent CVEs

2
  • CVE-2021-22847HigJan 22, 2021
    risk 0.57cvss 8.8epss 0.02

    Hyweb HyCMS-J1's API fail to filter POST request parameters. Remote attackers can inject SQL syntax and execute commands without privilege.

  • CVE-2021-22849MedJan 22, 2021
    risk 0.30cvss 4.6epss 0.01

    Hyweb HyCMS-J1 backend editing function does not filter special characters. Users after log-in can inject JavaScript syntax to perform a stored XSS (Stored Cross-site scripting) attack.