Total
61 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-37132 | 1 Eyoucms | 1 Eyoucms | 2023-07-11 | N/A | 5.4 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in the custom variables module of eyoucms v1.6.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | |||||
| CVE-2023-37135 | 1 Eyoucms | 1 Eyoucms | 2023-07-11 | N/A | 5.4 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in the Image Upload module of eyoucms v1.6.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | |||||
| CVE-2023-36093 | 1 Eyoucms | 1 Eyoucms | 2023-06-28 | N/A | 5.4 MEDIUM |
| There is a storage type cross site scripting (XSS) vulnerability in the filing number of the Basic Information tab on the backend management page of EyouCMS v1.6.3 | |||||
| CVE-2023-34657 | 1 Eyoucms | 1 Eyoucms | 2023-06-26 | N/A | 4.8 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in Eyoucms v1.6.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the web_recordnum parameter. | |||||
| CVE-2023-33492 | 1 Eyoucms | 1 Eyoucms | 2023-06-16 | N/A | 5.4 MEDIUM |
| EyouCMS 1.6.2 is vulnerable to Cross Site Scripting (XSS). | |||||
| CVE-2023-31708 | 1 Eyoucms | 1 Eyoucms | 2023-05-27 | N/A | 4.3 MEDIUM |
| A Cross-Site Request Forgery (CSRF) in EyouCMS v1.6.2 allows attackers to execute arbitrary commands via a supplying a crafted HTML file to the Upload software format function. | |||||
| CVE-2023-30125 | 1 Eyoucms | 1 Eyoucms | 2023-05-09 | N/A | 6.1 MEDIUM |
| EyouCms V1.6.1-UTF8-sp1 is vulnerable to Cross Site Scripting (XSS). | |||||
| CVE-2022-45755 | 1 Eyoucms | 1 Eyoucms | 2023-02-18 | N/A | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in EyouCMS v1.6.0 allows attackers to execute arbitrary code via the home page description on the basic information page. | |||||
| CVE-2022-45542 | 1 Eyoucms | 1 Eyoucms | 2023-01-25 | N/A | 5.4 MEDIUM |
| EyouCMS <= 1.6.0 was discovered a reflected-XSS in the FileManager component in GET parameter "filename" when editing any file. | |||||
| CVE-2022-45540 | 1 Eyoucms | 1 Eyoucms | 2023-01-25 | N/A | 6.1 MEDIUM |
| EyouCMS <= 1.6.0 was discovered a reflected-XSS in article type editor component in POST value "name" if the value contains a malformed UTF-8 char. | |||||
| CVE-2022-45541 | 1 Eyoucms | 1 Eyoucms | 2023-01-25 | N/A | 6.1 MEDIUM |
| EyouCMS <= 1.6.0 was discovered a reflected-XSS in the article attribute editor component in POST value "value" if the value contains a non-integer char. | |||||
| CVE-2022-45537 | 1 Eyoucms | 1 Eyoucms | 2023-01-25 | N/A | 6.1 MEDIUM |
| EyouCMS <= 1.6.0 was discovered a reflected-XSS in the article publish component in cookie "ENV_LIST_URL". | |||||
| CVE-2022-45538 | 1 Eyoucms | 1 Eyoucms | 2023-01-25 | N/A | 6.1 MEDIUM |
| EyouCMS <= 1.6.0 was discovered a reflected-XSS in the article publish component in cookie "ENV_GOBACK_URL". | |||||
| CVE-2022-45539 | 1 Eyoucms | 1 Eyoucms | 2023-01-25 | N/A | 6.1 MEDIUM |
| EyouCMS <= 1.6.0 was discovered a reflected-XSS in FileManager component in GET value "activepath" when creating a new file. | |||||
| CVE-2021-39428 | 1 Eyoucms | 1 Eyoucms | 2022-12-19 | N/A | 5.4 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in Users.php in eyoucms 1.5.4 allows remote attackers to run arbitrary code and gain escalated privilege via the filename for edit_users_head_pic. | |||||
| CVE-2022-45280 | 1 Eyoucms | 1 Eyoucms | 2022-11-28 | N/A | 5.4 MEDIUM |
| A cross-site scripting (XSS) vulnerability in the Url parameter in /login.php of EyouCMS v1.6.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | |||||
| CVE-2022-43323 | 1 Eyoucms | 1 Eyoucms | 2022-11-16 | N/A | 8.8 HIGH |
| EyouCMS V1.5.9-UTF8-SP1 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Top Up Balance component under the Edit Member module. | |||||
| CVE-2022-44387 | 1 Eyoucms | 1 Eyoucms | 2022-11-16 | N/A | 8.8 HIGH |
| EyouCMS V1.5.9-UTF8-SP1 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Basic Information component under the Edit Member module. | |||||
| CVE-2022-44389 | 1 Eyoucms | 1 Eyoucms | 2022-11-16 | N/A | 6.5 MEDIUM |
| EyouCMS V1.5.9-UTF8-SP1 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Edit Admin Profile module. This vulnerability allows attackers to arbitrarily change Administrator account information. | |||||
| CVE-2022-44390 | 1 Eyoucms | 1 Eyoucms | 2022-11-16 | N/A | 5.4 MEDIUM |
| A cross-site scripting (XSS) vulnerability in EyouCMS V1.5.9-UTF8-SP1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Public Security Record Number text field. | |||||