CVE-2020-19118
https://notcve.org/view.php?id=CVE-2020-19118
27 Jul 2021 — Cross Site Scripting (XSS) vulnerabiity in YzmCMS 5.2 via the site_code parameter in admin/index/init.html. Una vulnerabilidad de tipo Cross Site Scripting (XSS) en YzmCMS versión 5.2, por medio del parámetro site_code en el archivo admin/index/init.html • https://github.com/yzmcms/yzmcms/issues/14 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2020-18084
https://notcve.org/view.php?id=CVE-2020-18084
30 Apr 2021 — Cross Site Scripting (XSS) in yzmCMS v5.2 allows remote attackers to execute arbitrary code by injecting commands into the "referer" field of a POST request to the component "/member/index/login.html" when logging in. Una vulnerabilidad de tipo Cross Site Scripting (XSS) en yzmCMS versión v5.2, permite a atacantes remotos ejecutar código arbitrario al inyectar comandos en el campo "referer" de una petición POST en el componente "/member/index/login.html" al iniciar sesión. • https://github.com/yzmcms/yzmcms/issues/9 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2019-9660
https://notcve.org/view.php?id=CVE-2019-9660
11 Mar 2019 — Stored XSS exists in YzmCMS 5.2 via the admin/category/edit.html "catname" parameter. Hay Cross-Site Scripting (XSS) persistente en YzmCMS, en su versión 5.2, mediante el parámetro "catname" en admin/category/edit.html. • https://github.com/yzmcms/yzmcms/issues/12 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2019-9661
https://notcve.org/view.php?id=CVE-2019-9661
11 Mar 2019 — Stored XSS exists in YzmCMS 5.2 via the admin/system_manage/user_config_edit.html "value" parameter, Hay Cross-Site Scripting (XSS) persistente en YzmCMS, en su versión 5.2, mediante el parámetro "value" en admin/system_manage/user_config_edit.html • https://github.com/yzmcms/yzmcms/issues/13 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2019-9570
https://notcve.org/view.php?id=CVE-2019-9570
05 Mar 2019 — An issue was discovered in YzmCMS 5.2.0. It has XSS via the bottom text field to the admin/system_manage/save.html URI, related to the site_code parameter. Se ha descubierto un problema en YzmCMS 5.2.0. Tiene Cross-Site Scripting (XSS) mediante el campo de texto inferior en el URI admin/system_manage/save.html, relacionado con el parámetro site_code. • https://github.com/yzmcms/yzmcms/issues/11 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2018-20015
https://notcve.org/view.php?id=CVE-2018-20015
10 Dec 2018 — YzmCMS v5.2 has admin/role/add.html CSRF. YzmCMS v5.2 tiene Cross-Site Request Forgery (CSRF) en admin/role/add.html. • https://github.com/Jxysir/YZM-CSRF- • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2018-19849
https://notcve.org/view.php?id=CVE-2018-19849
04 Dec 2018 — An issue was discovered in YzmCMS 5.2. XSS exists via the admin/content/search.html searinfo parameter. Se ha descubierto un problema en YzmCMS 5.2. Existe Cross-Site Scripting (XSS) mediante el parámetro searinfo en admin/content/search.html. • https://github.com/yzmcms/yzmcms/issues/8 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2018-19092
https://notcve.org/view.php?id=CVE-2018-19092
07 Nov 2018 — An issue was discovered in YzmCMS v5.2. It has XSS via a search/index/archives/pubtime/ query string, as demonstrated by the search/index/archives/pubtime/1526387722/page/1.html URI. NOTE: this does not obtain a user's cookie. Se ha descubierto un problema en YzmCMS v5.2. Tiene Cross-Site Scripting (XSS) mediante una cadena de consulta en search/index/archives/pubtime/, tal y como queda demostrado con el URI search/index/archives/pubtime/1526387722/page/1.html. • https://github.com/yzmcms/yzmcms/issues/7 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •