Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Eyoucms Subscribe
Total 69 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-39496 1 Eyoucms 1 Eyoucms 2021-09-09 3.5 LOW 5.4 MEDIUM
Eyoucms 1.5.4 lacks sanitization of input data, allowing an attacker to inject malicious code into `filename` param to trigger Reflected XSS.
CVE-2020-28146 1 Eyoucms 1 Eyoucms 2021-08-24 4.3 MEDIUM 6.1 MEDIUM
Cross Site Scripting (XSS) vulnerability exists in Eyoucms v1.4.7 and earlier via the addonfieldext parameter.
CVE-2020-19669 1 Eyoucms 1 Eyoucms 2021-08-24 6.8 MEDIUM 8.8 HIGH
Cross Site Request Forgery (CSRF) vulnerability exists in Eyoucms 1.3.6 that can add an admin account via /login.php?m=admin&c=Admin&a=admin_add&lang=cn.
CVE-2020-20645 1 Eyoucms 1 Eyoucms 2021-08-23 3.5 LOW 5.4 MEDIUM
Cross Site Scripting (XSS) vulnerability exists in EyouCMS1.3.6 in the basic_information area.
CVE-2020-20642 1 Eyoucms 1 Eyoucms 2021-08-23 6.8 MEDIUM 8.8 HIGH
Cross Site Request Forgery (CSRF) vulnerability exists in EyouCMS 1.3.6 that can add an htm page to execute the js code via login.php?m=admin&c=Filemanager&a=newfile&lang=cn.
CVE-2020-21929 1 Eyoucms 1 Eyoucms 2021-08-13 3.5 LOW 5.4 MEDIUM
A stored cross site scripting (XSS) vulnerability in the web_copyright field of Eyoucms v1.4.1 allows authenticated attackers to execute arbitrary web scripts or HTML.
CVE-2020-21930 1 Eyoucms 1 Eyoucms 2021-08-13 3.5 LOW 5.4 MEDIUM
A stored cross site scripting (XSS) vulnerability in the web_attr_2 field of Eyoucms v1.4.1 allows authenticated attackers to execute arbitrary web scripts or HTML.
CVE-2020-18129 1 Eyoucms 1 Eyoucms 2020-10-27 6.8 MEDIUM 8.8 HIGH
A CSRF vulnerability in Eyoucms v1.2.7 allows an attacker to add an admin account via login.php.
CVE-2019-17430 1 Eyoucms 1 Eyoucms 2019-11-14 4.3 MEDIUM 6.1 MEDIUM
EyouCms through 2019-07-11 has XSS related to the login.php web_recordnum parameter.