Page 3 of 41 results (0.004 seconds)

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1

CVE-2020-19951

https://notcve.org/view.php?id=CVE-2020-19951

A cross-site request forgery (CSRF) in /controller/pay.class.php of YzmCMS v5.5 allows attackers to access sensitive components of the application. Una vulnerabilidad de tipo cross-site request forgery (CSRF) en el archivo /controller/pay.class.php de YzmCMS versión v5.5, permite a atacantes acceder a componentes confidenciales de la aplicación • https://github.com/yzmcms/yzmcms/issues/43 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1

CVE-2020-19950

https://notcve.org/view.php?id=CVE-2020-19950

A cross-site scripting (XSS) vulnerability in the /banner/add.html component of YzmCMS v5.3 allows attackers to execute arbitrary web scripts or HTML. Una vulnerabilidad de tipo cross-site scripting (XSS) en el componente /banner/add.html de YzmCMS versión v5.3, permite a atacantes ejecutar scripts web o HTML arbitrarios • https://github.com/yzmcms/yzmcms/issues/22 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1

CVE-2020-19949

https://notcve.org/view.php?id=CVE-2020-19949

A cross-site scripting (XSS) vulnerability in the /link/add.html component of YzmCMS v5.3 allows attackers to execute arbitrary web scripts or HTML. Una vulnerabilidad de tipo cross-site scripting (XSS) en el componente /link/add.html de YzmCMS versión v5.3, permite a atacantes ejecutar scripts web o HTML arbitrarios • https://github.com/yzmcms/yzmcms/issues/21 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1

CVE-2020-20341

https://notcve.org/view.php?id=CVE-2020-20341

YzmCMS v5.5 contains a server-side request forgery (SSRF) in the grab_image() function. YzmCMS versión v5.5, contiene una vulnerabilidad de tipo server-side request forgery (SSRF) en la función grab_image() • https://github.com/yzmcms/yzmcms/issues/44 • CWE-918: Server-Side Request Forgery (SSRF) •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1

CVE-2020-19118

https://notcve.org/view.php?id=CVE-2020-19118

Cross Site Scripting (XSS) vulnerabiity in YzmCMS 5.2 via the site_code parameter in admin/index/init.html. Una vulnerabilidad de tipo Cross Site Scripting (XSS) en YzmCMS versión 5.2, por medio del parámetro site_code en el archivo admin/index/init.html • https://github.com/yzmcms/yzmcms/issues/14 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •