
CVSS: 6.1 | EPSS: 0% | CPEs: 1 | EXPL: 0

05 Jul 2024 — A cross-site scripting (XSS) vulnerability in the Publish Article function of yzmcms v7.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into a published article. • https://github.com/0x1ang/cvepbulic/issues/1 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.1 | EPSS: 0% | CPEs: 1 | EXPL: 0

06 May 2024 — Cross Site Scripting (XSS) vulnerability in YzmCMS 7.0 allows attackers to run arbitrary code via Ads Management, Carousel Management, and System Settings. • https://github.com/asenzhenshuai/DongDong/blob/main/yzmcms-xss.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.4 | EPSS: 0% | CPEs: 1 | EXPL: 1

06 Feb 2024 — An issue in the component /member/index/login of yzmcms v7.0 allows attackers to direct users to malicious sites via a crafted URL. • https://gitee.com/wgd0ay/wgd0ay/issues/I8WSD1 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect')

CVSS: 6.4 | EPSS: 0% | CPEs: 1 | EXPL: 1

11 Jan 2024 — member/index/register.html in YzmCMS 6.5 through 7.0 allows XSS via the Referer HTTP header. • https://github.com/yzmcms/yzmcms/issues/65 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 10.0 | EPSS: 0% | CPEs: 1 | EXPL: 1

11 Aug 2023 — Cross Site Request Forgery (CSRF) vulnerability in yzmcms version 5.6 allows remote attackers to escalate privileges and gain sensitive information via the sitemodel/add.html endpoint. • https://github.com/yzmcms/yzmcms/issues/47 • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 7.8 | EPSS: 0% | CPEs: 1 | EXPL: 1

20 Jun 2023 — Cross Site Request Forgery found in yzCMS v.2.0 allows a remote attacker to execute arbitrary code via the token check function. • http://www.yzmcms.com • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 5.5 | EPSS: 0% | CPEs: 1 | EXPL: 1

03 Feb 2023 — Cross Site Scripting (XSS) vulnerability in yzmcms 6.1 allows attackers to steal user cookies via the image clipping function. • http://yzmcms.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 9.1 | EPSS: 0% | CPEs: 1 | EXPL: 0

07 Mar 2022 — YzmCMS v6.3 is affected by broken access control. A user's personal home page can be accessed without logging in. The user's login status should be checked before the personal home page is served, but because no real authentication is carried out, other users' home pages can be accessed while not logged in. • http://yzmcms.com • CWE-287: Improper Authentication

CVSS: 8.8 | EPSS: 0% | CPEs: 1 | EXPL: 1

15 Feb 2022 — YzmCMS v6.3 is affected by Cross Site Request Forgery (CSRF) in /admin.add. • https://github.com/yzmcms/yzmcms/issues/58 • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 5.3 | EPSS: 0% | CPEs: 1 | EXPL: 1

28 Jan 2022 — The comment function in YzmCMS v6.3 was found to permit concurrent operation, allowing attackers to create an unusually large number of comments. • https://github.com/yzmcms/yzmcms/issues/61 • CWE-674: Uncontrolled Recursion