Eyoucms CVE - OpenCVE

Filtered by vendor Eyoucms Subscriptions

Total 61 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2023-41597	1 Eyoucms	1 Eyoucms	2024-08-29	6.1 Medium
EyouCms v1.6.2 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /admin/twitter.php?active_t.
CVE-2023-46935	1 Eyoucms	1 Eyoucms	2024-08-10	5.4 Medium
eyoucms v1.6.4 is vulnerable Cross Site Scripting (XSS), which can lead to stealing sensitive information of logged-in users.
CVE-2019-17430	1 Eyoucms	1 Eyoucms	2024-08-05	6.1 Medium
EyouCms through 2019-07-11 has XSS related to the login.php web_recordnum parameter.
CVE-2020-28146	1 Eyoucms	1 Eyoucms	2024-08-04	6.1 Medium
Cross Site Scripting (XSS) vulnerability exists in Eyoucms v1.4.7 and earlier via the addonfieldext parameter.
CVE-2020-24000	1 Eyoucms	1 Eyoucms	2024-08-04	9.8 Critical
SQL Injection vulnerability in eyoucms cms v1.4.7, allows attackers to execute arbitrary code and disclose sensitive information, via the tid parameter to index.php.
CVE-2020-21930	1 Eyoucms	1 Eyoucms	2024-08-04	5.4 Medium
A stored cross site scripting (XSS) vulnerability in the web_attr_2 field of Eyoucms v1.4.1 allows authenticated attackers to execute arbitrary web scripts or HTML.
CVE-2020-21929	1 Eyoucms	1 Eyoucms	2024-08-04	5.4 Medium
A stored cross site scripting (XSS) vulnerability in the web_copyright field of Eyoucms v1.4.1 allows authenticated attackers to execute arbitrary web scripts or HTML.
CVE-2020-20645	1 Eyoucms	1 Eyoucms	2024-08-04	5.4 Medium
Cross Site Scripting (XSS) vulnerability exists in EyouCMS1.3.6 in the basic_information area.
CVE-2020-20642	1 Eyoucms	1 Eyoucms	2024-08-04	8.8 High
Cross Site Request Forgery (CSRF) vulnerability exists in EyouCMS 1.3.6 that can add an htm page to execute the js code via login.php?m=admin&c=Filemanager&a=newfile&lang=cn.
CVE-2020-19669	1 Eyoucms	1 Eyoucms	2024-08-04	8.8 High
Cross Site Request Forgery (CSRF) vulnerability exists in Eyoucms 1.3.6 that can add an admin account via /login.php?m=admin&c=Admin&a=admin_add&lang=cn.
CVE-2020-18129	1 Eyoucms	1 Eyoucms	2024-08-04	8.8 High
A CSRF vulnerability in Eyoucms v1.2.7 allows an attacker to add an admin account via login.php.
CVE-2021-46255	1 Eyoucms	1 Eyoucms	2024-08-04	8.1 High
eyouCMS V1.5.5-UTF8-SP3_1 suffers from Arbitrary file deletion due to insufficient filtering of the parameter filename.
CVE-2021-42194	1 Eyoucms	1 Eyoucms	2024-08-04	7.2 High
The wechat_return function in /controller/Index.php of EyouCms V1.5.4-UTF8-SP3 passes the user's input directly into the simplexml_ load_ String function, which itself does not prohibit external entities, triggering a XML external entity (XXE) injection vulnerability.
CVE-2021-39500	1 Eyoucms	1 Eyoucms	2024-08-04	7.5 High
Eyoucms 1.5.4 is vulnerable to Directory Traversal. Due to a lack of input data sanitizaton in param tpldir, filename, type, nid an attacker can inject "../" to escape and write file to writeable directories.
CVE-2021-39501	1 Eyoucms	1 Eyoucms	2024-08-04	6.1 Medium
EyouCMS 1.5.4 is vulnerable to Open Redirect. An attacker can redirect a user to a malicious url via the Logout function.
CVE-2021-39428	1 Eyoucms	1 Eyoucms	2024-08-04	5.4 Medium
Cross Site Scripting (XSS) vulnerability in Users.php in eyoucms 1.5.4 allows remote attackers to run arbitrary code and gain escalated privilege via the filename for edit_users_head_pic.
CVE-2021-39497	1 Eyoucms	1 Eyoucms	2024-08-04	9.8 Critical
eyoucms 1.5.4 lacks sanitization of input data, allowing an attacker to inject a url to trigger blind SSRF via the saveRemote() function.
CVE-2021-39499	1 Eyoucms	1 Eyoucms	2024-08-04	6.1 Medium
A Cross-site scripting (XSS) vulnerability in Users in Qiong ICP EyouCMS 1.5.4 allows remote attackers to inject arbitrary web script or HTML via the `title` parameter in bind_email function.
CVE-2021-39496	1 Eyoucms	1 Eyoucms	2024-08-04	5.4 Medium
Eyoucms 1.5.4 lacks sanitization of input data, allowing an attacker to inject malicious code into `filename` param to trigger Reflected XSS.
CVE-2022-45755	1 Eyoucms	1 Eyoucms	2024-08-03	5.4 Medium
Cross-site scripting (XSS) vulnerability in EyouCMS v1.6.0 allows attackers to execute arbitrary code via the home page description on the basic information page.

Page 1 of 4. next last »