Page 5 of 61 results (0.006 seconds)

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1

A Cross-Site Request Forgery (CSRF) in EyouCMS v1.6.2 allows attackers to execute arbitrary commands via a supplying a crafted HTML file to the Upload software format function. • https://github.com/weng-xianhu/eyoucms/issues/41 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

EyouCms V1.6.1-UTF8-sp1 is vulnerable to Cross Site Scripting (XSS). • https://github.com/weng-xianhu/eyoucms/issues/40 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

A vulnerability was found in EyouCms up to 1.6.2. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /yxcms/index.php?r=admin/extendfield/mesedit&tabid=12&id=4 of the component HTTP POST Request Handler. The manipulation of the argument web_ico leads to cross site scripting. • https://github.com/sleepyvv/vul_report/blob/main/EYOUCMS/XSS2.md https://vuldb.com/?ctiid.225943 https://vuldb.com/?id.225943 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

A vulnerability was found in EyouCms 1.5.4. It has been classified as problematic. Affected is an unknown function of the file login.php?m=admin&c=Arctype&a=edit of the component New Picture Handler. The manipulation of the argument litpic_loca leads to cross site scripting. • https://github.com/sleepyvv/vul_report/blob/main/EYOUCMS/XSS1.md https://vuldb.com/?ctiid.225942 https://vuldb.com/?id.225942 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1

A vulnerability, which was classified as problematic, was found in EyouCMS up to 1.5.4. This affects an unknown part of the file login.php. The manipulation of the argument tag_tag leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://gitee.com/wkstestete/cve/blob/master/xss/Eyoucms%20xss2.md https://vuldb.com/?ctiid.224751 https://vuldb.com/?id.224751 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •