CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2020-19118
https://notcve.org/view.php?id=CVE-2020-19118
Cross Site Scripting (XSS) vulnerabiity in YzmCMS 5.2 via the site_code parameter in admin/index/init.html. Una vulnerabilidad de tipo Cross Site Scripting (XSS) en YzmCMS versión 5.2, por medio del parámetro site_code en el archivo admin/index/init.html • https://github.com/yzmcms/yzmcms/issues/14 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2020-18084
https://notcve.org/view.php?id=CVE-2020-18084
Cross Site Scripting (XSS) in yzmCMS v5.2 allows remote attackers to execute arbitrary code by injecting commands into the "referer" field of a POST request to the component "/member/index/login.html" when logging in. Una vulnerabilidad de tipo Cross Site Scripting (XSS) en yzmCMS versión v5.2, permite a atacantes remotos ejecutar código arbitrario al inyectar comandos en el campo "referer" de una petición POST en el componente "/member/index/login.html" al iniciar sesión. • https://github.com/yzmcms/yzmcms/issues/9 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2019-9660
https://notcve.org/view.php?id=CVE-2019-9660
Stored XSS exists in YzmCMS 5.2 via the admin/category/edit.html "catname" parameter. Hay Cross-Site Scripting (XSS) persistente en YzmCMS, en su versión 5.2, mediante el parámetro "catname" en admin/category/edit.html. • https://github.com/yzmcms/yzmcms/issues/12 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2019-9661
https://notcve.org/view.php?id=CVE-2019-9661
Stored XSS exists in YzmCMS 5.2 via the admin/system_manage/user_config_edit.html "value" parameter, Hay Cross-Site Scripting (XSS) persistente en YzmCMS, en su versión 5.2, mediante el parámetro "value" en admin/system_manage/user_config_edit.html • https://github.com/yzmcms/yzmcms/issues/13 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2019-9570
https://notcve.org/view.php?id=CVE-2019-9570
An issue was discovered in YzmCMS 5.2.0. It has XSS via the bottom text field to the admin/system_manage/save.html URI, related to the site_code parameter. Se ha descubierto un problema en YzmCMS 5.2.0. Tiene Cross-Site Scripting (XSS) mediante el campo de texto inferior en el URI admin/system_manage/save.html, relacionado con el parámetro site_code. • https://github.com/yzmcms/yzmcms/issues/11 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •