Filtered by vendor Eyoucms
Subscriptions
Filtered by product Eyoucms
Subscriptions
Total
61 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2022-45540 | 1 Eyoucms | 1 Eyoucms | 2024-08-03 | 6.1 Medium |
EyouCMS <= 1.6.0 was discovered a reflected-XSS in article type editor component in POST value "name" if the value contains a malformed UTF-8 char. | ||||
CVE-2022-45541 | 1 Eyoucms | 1 Eyoucms | 2024-08-03 | 6.1 Medium |
EyouCMS <= 1.6.0 was discovered a reflected-XSS in the article attribute editor component in POST value "value" if the value contains a non-integer char. | ||||
CVE-2022-45537 | 1 Eyoucms | 1 Eyoucms | 2024-08-03 | 6.1 Medium |
EyouCMS <= 1.6.0 was discovered a reflected-XSS in the article publish component in cookie "ENV_LIST_URL". | ||||
CVE-2022-45542 | 1 Eyoucms | 1 Eyoucms | 2024-08-03 | 5.4 Medium |
EyouCMS <= 1.6.0 was discovered a reflected-XSS in the FileManager component in GET parameter "filename" when editing any file. | ||||
CVE-2022-45539 | 1 Eyoucms | 1 Eyoucms | 2024-08-03 | 6.1 Medium |
EyouCMS <= 1.6.0 was discovered a reflected-XSS in FileManager component in GET value "activepath" when creating a new file. | ||||
CVE-2022-45538 | 1 Eyoucms | 1 Eyoucms | 2024-08-03 | 6.1 Medium |
EyouCMS <= 1.6.0 was discovered a reflected-XSS in the article publish component in cookie "ENV_GOBACK_URL". | ||||
CVE-2022-45280 | 1 Eyoucms | 1 Eyoucms | 2024-08-03 | 5.4 Medium |
A cross-site scripting (XSS) vulnerability in the Url parameter in /login.php of EyouCMS v1.6.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | ||||
CVE-2022-44387 | 1 Eyoucms | 1 Eyoucms | 2024-08-03 | 8.8 High |
EyouCMS V1.5.9-UTF8-SP1 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Basic Information component under the Edit Member module. | ||||
CVE-2022-44390 | 1 Eyoucms | 1 Eyoucms | 2024-08-03 | 5.4 Medium |
A cross-site scripting (XSS) vulnerability in EyouCMS V1.5.9-UTF8-SP1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Public Security Record Number text field. | ||||
CVE-2022-44389 | 1 Eyoucms | 1 Eyoucms | 2024-08-03 | 6.5 Medium |
EyouCMS V1.5.9-UTF8-SP1 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Edit Admin Profile module. This vulnerability allows attackers to arbitrarily change Administrator account information. | ||||
CVE-2022-43323 | 1 Eyoucms | 1 Eyoucms | 2024-08-03 | 8.8 High |
EyouCMS V1.5.9-UTF8-SP1 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Top Up Balance component under the Edit Member module. | ||||
CVE-2022-41500 | 1 Eyoucms | 1 Eyoucms | 2024-08-03 | 8.8 High |
EyouCMS V1.5.9 was discovered to contain multiple Cross-Site Request Forgery (CSRF) vulnerabilities via the Members Center, Editorial Membership, and Points Recharge components. | ||||
CVE-2022-36225 | 1 Eyoucms | 1 Eyoucms | 2024-08-03 | 8.8 High |
EyouCMS V1.5.8-UTF8-SP1 is vulnerable to Cross Site Request Forgery (CSRF) via the background, column management function and add. | ||||
CVE-2022-35509 | 1 Eyoucms | 1 Eyoucms | 2024-08-03 | 5.4 Medium |
An issue was discovered in EyouCMS 1.5.8. There is a Storage XSS vulnerability that can allows an attacker to execute arbitrary Web scripts or HTML by injecting a special payload via the title parameter in the foreground contribution, allowing the attacker to obtain sensitive information. | ||||
CVE-2022-33122 | 1 Eyoucms | 1 Eyoucms | 2024-08-03 | 4.8 Medium |
A stored cross-site scripting (XSS) vulnerability in eyoucms v1.5.6 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the URL field under the login page. | ||||
CVE-2022-26279 | 1 Eyoucms | 1 Eyoucms | 2024-08-03 | 9.8 Critical |
EyouCMS v1.5.5 was discovered to have no access control in the component /data/sqldata. | ||||
CVE-2022-26273 | 1 Eyoucms | 1 Eyoucms | 2024-08-03 | 9.8 Critical |
EyouCMS v1.5.4 was discovered to lack parameter filtering in \user\controller\shop.php, leading to payment logic vulnerabilities. | ||||
CVE-2023-50566 | 1 Eyoucms | 1 Eyoucms | 2024-08-02 | 5.4 Medium |
A stored cross-site scripting (XSS) vulnerability in EyouCMS-V1.6.5-UTF8-SP1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Public Security Registration Number parameter. | ||||
CVE-2023-48881 | 1 Eyoucms | 1 Eyoucms | 2024-08-02 | 4.8 Medium |
A stored cross-site scripting (XSS) vulnerability in EyouCMS v1.6.4-UTF8-SP1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Field Title field at /login.php?m=admin&c=Field&a=arctype_add&_ajax=1&lang=cn. | ||||
CVE-2023-48880 | 1 Eyoucms | 1 Eyoucms | 2024-08-02 | 4.8 Medium |
A stored cross-site scripting (XSS) vulnerability in EyouCMS v1.6.4-UTF8-SP1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Menu Name field at /login.php?m=admin&c=Index&a=changeTableVal&_ajax=1&lang=cn. |