Eyoucms - Eyoucms CVE

Filtered by vendor Eyoucms Subscriptions

Filtered by product Eyoucms Subscriptions

Total 61 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2022-45540	1 Eyoucms	1 Eyoucms	2024-08-03	6.1 Medium
EyouCMS <= 1.6.0 was discovered a reflected-XSS in article type editor component in POST value "name" if the value contains a malformed UTF-8 char.
CVE-2022-45541	1 Eyoucms	1 Eyoucms	2024-08-03	6.1 Medium
EyouCMS <= 1.6.0 was discovered a reflected-XSS in the article attribute editor component in POST value "value" if the value contains a non-integer char.
CVE-2022-45537	1 Eyoucms	1 Eyoucms	2024-08-03	6.1 Medium
EyouCMS <= 1.6.0 was discovered a reflected-XSS in the article publish component in cookie "ENV_LIST_URL".
CVE-2022-45542	1 Eyoucms	1 Eyoucms	2024-08-03	5.4 Medium
EyouCMS <= 1.6.0 was discovered a reflected-XSS in the FileManager component in GET parameter "filename" when editing any file.
CVE-2022-45539	1 Eyoucms	1 Eyoucms	2024-08-03	6.1 Medium
EyouCMS <= 1.6.0 was discovered a reflected-XSS in FileManager component in GET value "activepath" when creating a new file.
CVE-2022-45538	1 Eyoucms	1 Eyoucms	2024-08-03	6.1 Medium
EyouCMS <= 1.6.0 was discovered a reflected-XSS in the article publish component in cookie "ENV_GOBACK_URL".
CVE-2022-45280	1 Eyoucms	1 Eyoucms	2024-08-03	5.4 Medium
A cross-site scripting (XSS) vulnerability in the Url parameter in /login.php of EyouCMS v1.6.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
CVE-2022-44387	1 Eyoucms	1 Eyoucms	2024-08-03	8.8 High
EyouCMS V1.5.9-UTF8-SP1 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Basic Information component under the Edit Member module.
CVE-2022-44390	1 Eyoucms	1 Eyoucms	2024-08-03	5.4 Medium
A cross-site scripting (XSS) vulnerability in EyouCMS V1.5.9-UTF8-SP1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Public Security Record Number text field.
CVE-2022-44389	1 Eyoucms	1 Eyoucms	2024-08-03	6.5 Medium
EyouCMS V1.5.9-UTF8-SP1 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Edit Admin Profile module. This vulnerability allows attackers to arbitrarily change Administrator account information.
CVE-2022-43323	1 Eyoucms	1 Eyoucms	2024-08-03	8.8 High
EyouCMS V1.5.9-UTF8-SP1 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Top Up Balance component under the Edit Member module.
CVE-2022-41500	1 Eyoucms	1 Eyoucms	2024-08-03	8.8 High
EyouCMS V1.5.9 was discovered to contain multiple Cross-Site Request Forgery (CSRF) vulnerabilities via the Members Center, Editorial Membership, and Points Recharge components.
CVE-2022-36225	1 Eyoucms	1 Eyoucms	2024-08-03	8.8 High
EyouCMS V1.5.8-UTF8-SP1 is vulnerable to Cross Site Request Forgery (CSRF) via the background, column management function and add.
CVE-2022-35509	1 Eyoucms	1 Eyoucms	2024-08-03	5.4 Medium
An issue was discovered in EyouCMS 1.5.8. There is a Storage XSS vulnerability that can allows an attacker to execute arbitrary Web scripts or HTML by injecting a special payload via the title parameter in the foreground contribution, allowing the attacker to obtain sensitive information.
CVE-2022-33122	1 Eyoucms	1 Eyoucms	2024-08-03	4.8 Medium
A stored cross-site scripting (XSS) vulnerability in eyoucms v1.5.6 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the URL field under the login page.
CVE-2022-26279	1 Eyoucms	1 Eyoucms	2024-08-03	9.8 Critical
EyouCMS v1.5.5 was discovered to have no access control in the component /data/sqldata.
CVE-2022-26273	1 Eyoucms	1 Eyoucms	2024-08-03	9.8 Critical
EyouCMS v1.5.4 was discovered to lack parameter filtering in \user\controller\shop.php, leading to payment logic vulnerabilities.
CVE-2023-50566	1 Eyoucms	1 Eyoucms	2024-08-02	5.4 Medium
A stored cross-site scripting (XSS) vulnerability in EyouCMS-V1.6.5-UTF8-SP1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Public Security Registration Number parameter.
CVE-2023-48881	1 Eyoucms	1 Eyoucms	2024-08-02	4.8 Medium
A stored cross-site scripting (XSS) vulnerability in EyouCMS v1.6.4-UTF8-SP1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Field Title field at /login.php?m=admin&c=Field&a=arctype_add&_ajax=1&lang=cn.
CVE-2023-48880	1 Eyoucms	1 Eyoucms	2024-08-02	4.8 Medium
A stored cross-site scripting (XSS) vulnerability in EyouCMS v1.6.4-UTF8-SP1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Menu Name field at /login.php?m=admin&c=Index&a=changeTableVal&_ajax=1&lang=cn.

« first previous Page 2 of 4. next last »