CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2020-20642
https://notcve.org/view.php?id=CVE-2020-20642
Cross Site Request Forgery (CSRF) vulnerability exists in EyouCMS 1.3.6 that can add an htm page to execute the js code via login.php?m=admin&c=Filemanager&a=newfile&lang=cn. Se presenta una vulnerabilidad de tipo Cross Site Request Forgery (CSRF) en EyouCMS versión 1.3.6, que puede añadir una página htm para ejecutar el código js por medio del componente login.php?m=admin&c=Filemanager&a=newfile&lang=cn. • https://github.com/eyoucms/eyoucms/issues/5 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2020-19669
https://notcve.org/view.php?id=CVE-2020-19669
Cross Site Request Forgery (CSRF) vulnerability exists in Eyoucms 1.3.6 that can add an admin account via /login.php?m=admin&c=Admin&a=admin_add&lang=cn. Se presenta una vulnerabilidad de tipo Cross Site Request Forgery (CSRF) en Eyoucms versión 1.3.6, que puede añadir una cuenta de administrador por medio del componente /login.php?m=admin&c=Admin&a=admin_add&lang=cn. • https://github.com/eyoucms/eyoucms/issues/4 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 3CVE-2020-28146
https://notcve.org/view.php?id=CVE-2020-28146
Cross Site Scripting (XSS) vulnerability exists in Eyoucms v1.4.7 and earlier via the addonfieldext parameter. Se presenta una vulnerabilidad de tipo Cross Site Scripting (XSS) en Eyoucms versiones v1.4.7 y anteriores, por medio del parámetro addonfieldext. • https://github.com/eyoucms/eyoucms/issues/12 https://www.exploit-db.com/exploits/48530 https://www.eyoucms.com/ask/list_1_0/4511.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2020-21930
https://notcve.org/view.php?id=CVE-2020-21930
A stored cross site scripting (XSS) vulnerability in the web_attr_2 field of Eyoucms v1.4.1 allows authenticated attackers to execute arbitrary web scripts or HTML. Una vulnerabilidad de tipo cross site scripting (XSS) almacenado en el campo web_attr_2 de Eyoucms versión v1.4.1, permite a atacantes autenticados ejecutar scripts web o HTML arbitrario • https://github.com/eyoucms/eyoucms/issues/9 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2020-21929
https://notcve.org/view.php?id=CVE-2020-21929
A stored cross site scripting (XSS) vulnerability in the web_copyright field of Eyoucms v1.4.1 allows authenticated attackers to execute arbitrary web scripts or HTML. Una vulnerabilidad de tipo cross site scripting (XSS) almacenado en el campo web_copyright de Eyoucms versión v1.4.1, permite a atacantes autenticados ejecutar scripts web o HTML arbitrario • https://github.com/eyoucms/eyoucms/issues/8 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •