Filtered by vendor Yzmcms
Subscribe
Total
45 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-10224 | 1 Yzmcms | 1 Yzmcms | 2018-05-17 | 6.0 MEDIUM | 6.8 MEDIUM |
| An issue was discovered in YzmCMS 3.8. There is a CSRF vulnerability that can add a tag via /index.php/admin/tag/add.html. | |||||
| CVE-2018-10223 | 1 Yzmcms | 1 Yzmcms | 2018-05-17 | 6.0 MEDIUM | 6.8 MEDIUM |
| An issue was discovered in YzmCMS 3.8. There is a CSRF vulnerability that can add an admin account via /index.php/admin/admin_manage/add.html. | |||||
| CVE-2018-10026 | 1 Yzmcms | 1 Yzmcms | 2018-05-16 | 3.5 LOW | 4.8 MEDIUM |
| The WeChat module in YzmCMS 3.7.1 has reflected XSS via the admin/module/init.html echostr parameter, related to the valid function in application/wechat/controller/index.class.php. | |||||
| CVE-2018-8078 | 1 Yzmcms | 1 Yzmcms | 2018-03-29 | 3.5 LOW | 5.4 MEDIUM |
| YzmCMS 3.7 has Stored XSS via the title parameter to advertisement/adver/edit.html. | |||||
| CVE-2018-7579 | 1 Yzmcms | 1 Yzmcms | 2018-03-22 | 6.5 MEDIUM | 7.2 HIGH |
| \application\admin\controller\update_urls.class.php in YzmCMS 3.6 has SQL Injection via the catids array parameter to admin/update_urls/update_category_url.html. | |||||