CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-20015
https://notcve.org/view.php?id=CVE-2018-20015
YzmCMS v5.2 has admin/role/add.html CSRF. YzmCMS v5.2 tiene Cross-Site Request Forgery (CSRF) en admin/role/add.html. • https://github.com/Jxysir/YZM-CSRF- • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-19849
https://notcve.org/view.php?id=CVE-2018-19849
An issue was discovered in YzmCMS 5.2. XSS exists via the admin/content/search.html searinfo parameter. Se ha descubierto un problema en YzmCMS 5.2. Existe Cross-Site Scripting (XSS) mediante el parámetro searinfo en admin/content/search.html. • https://github.com/yzmcms/yzmcms/issues/8 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2018-19092
https://notcve.org/view.php?id=CVE-2018-19092
An issue was discovered in YzmCMS v5.2. It has XSS via a search/index/archives/pubtime/ query string, as demonstrated by the search/index/archives/pubtime/1526387722/page/1.html URI. NOTE: this does not obtain a user's cookie. Se ha descubierto un problema en YzmCMS v5.2. Tiene Cross-Site Scripting (XSS) mediante una cadena de consulta en search/index/archives/pubtime/, tal y como queda demostrado con el URI search/index/archives/pubtime/1526387722/page/1.html. • https://github.com/yzmcms/yzmcms/issues/7 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •