CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2019-9660
https://notcve.org/view.php?id=CVE-2019-9660
Stored XSS exists in YzmCMS 5.2 via the admin/category/edit.html "catname" parameter. Hay Cross-Site Scripting (XSS) persistente en YzmCMS, en su versión 5.2, mediante el parámetro "catname" en admin/category/edit.html. • https://github.com/yzmcms/yzmcms/issues/12 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2019-9661
https://notcve.org/view.php?id=CVE-2019-9661
Stored XSS exists in YzmCMS 5.2 via the admin/system_manage/user_config_edit.html "value" parameter, Hay Cross-Site Scripting (XSS) persistente en YzmCMS, en su versión 5.2, mediante el parámetro "value" en admin/system_manage/user_config_edit.html • https://github.com/yzmcms/yzmcms/issues/13 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2019-9570
https://notcve.org/view.php?id=CVE-2019-9570
An issue was discovered in YzmCMS 5.2.0. It has XSS via the bottom text field to the admin/system_manage/save.html URI, related to the site_code parameter. Se ha descubierto un problema en YzmCMS 5.2.0. Tiene Cross-Site Scripting (XSS) mediante el campo de texto inferior en el URI admin/system_manage/save.html, relacionado con el parámetro site_code. • https://github.com/yzmcms/yzmcms/issues/11 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-20015
https://notcve.org/view.php?id=CVE-2018-20015
YzmCMS v5.2 has admin/role/add.html CSRF. YzmCMS v5.2 tiene Cross-Site Request Forgery (CSRF) en admin/role/add.html. • https://github.com/Jxysir/YZM-CSRF- • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-19849
https://notcve.org/view.php?id=CVE-2018-19849
An issue was discovered in YzmCMS 5.2. XSS exists via the admin/content/search.html searinfo parameter. Se ha descubierto un problema en YzmCMS 5.2. Existe Cross-Site Scripting (XSS) mediante el parámetro searinfo en admin/content/search.html. • https://github.com/yzmcms/yzmcms/issues/8 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •