CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-45542
https://notcve.org/view.php?id=CVE-2022-45542
20 Jan 2023 — EyouCMS <= 1.6.0 was discovered a reflected-XSS in the FileManager component in GET parameter "filename" when editing any file. EyouCMS <= 1.6.0 descubrió un XSS reflejado en el componente FileManager en el parámetro GET "filename" al editar cualquier archivo. • https://github.com/weng-xianhu/eyoucms/issues/33 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2022-45537
https://notcve.org/view.php?id=CVE-2022-45537
20 Jan 2023 — EyouCMS <= 1.6.0 was discovered a reflected-XSS in the article publish component in cookie "ENV_LIST_URL". EyouCMS <= 1.6.0 descubrió un XSS reflejado en el componente de publicación del artículo en la cookie "ENV_LIST_URL". • https://github.com/weng-xianhu/eyoucms/issues/34 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 3CVE-2020-28146
https://notcve.org/view.php?id=CVE-2020-28146
18 Aug 2021 — Cross Site Scripting (XSS) vulnerability exists in Eyoucms v1.4.7 and earlier via the addonfieldext parameter. Se presenta una vulnerabilidad de tipo Cross Site Scripting (XSS) en Eyoucms versiones v1.4.7 y anteriores, por medio del parámetro addonfieldext. • https://github.com/eyoucms/eyoucms/issues/12 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2020-21930
https://notcve.org/view.php?id=CVE-2020-21930
10 Aug 2021 — A stored cross site scripting (XSS) vulnerability in the web_attr_2 field of Eyoucms v1.4.1 allows authenticated attackers to execute arbitrary web scripts or HTML. Una vulnerabilidad de tipo cross site scripting (XSS) almacenado en el campo web_attr_2 de Eyoucms versión v1.4.1, permite a atacantes autenticados ejecutar scripts web o HTML arbitrario • https://github.com/eyoucms/eyoucms/issues/9 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2020-21929
https://notcve.org/view.php?id=CVE-2020-21929
10 Aug 2021 — A stored cross site scripting (XSS) vulnerability in the web_copyright field of Eyoucms v1.4.1 allows authenticated attackers to execute arbitrary web scripts or HTML. Una vulnerabilidad de tipo cross site scripting (XSS) almacenado en el campo web_copyright de Eyoucms versión v1.4.1, permite a atacantes autenticados ejecutar scripts web o HTML arbitrario • https://github.com/eyoucms/eyoucms/issues/8 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •