
CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 1

An issue in the component /member/index/login of yzmcms v7.0 allows attackers to direct users to malicious sites via a crafted URL. • https://gitee.com/wgd0ay/wgd0ay/issues/I8WSD1 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 1

member/index/register.html in YzmCMS 6.5 through 7.0 allows XSS via the Referer HTTP header. • https://github.com/yzmcms/yzmcms/issues/65 https://github.com/yzmcms/yzmcms/tags • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

Cross Site Request Forgery (CSRF) vulnerability in yzmcms version 5.6 allows remote attackers to escalate privileges and gain sensitive information via the sitemodel/add.html endpoint. • https://github.com/yzmcms/yzmcms/issues/47 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 6.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

Cross Site Request Forgery found in yzCMS v.2.0 allows a remote attacker to execute arbitrary code via the token check function. • http://www.yzmcms.com https://github.com/yzmcms/yzmcms/issues/27 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 5.4 • EPSS: 0% • CPEs: 1 • EXPL: 1

Cross Site Scripting (XSS) vulnerability in yzmcms 6.1 allows attackers to steal user cookies via the image clipping function. • http://yzmcms.com https://github.com/linuka-deception/yzmcms6.1.git • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •