Vulnerabilities > Easycms
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-02-16 | CVE-2022-23358 | SQL Injection vulnerability in Easycms 1.6 EasyCMS v1.6 allows for SQL injection via ArticlemAction.class.php. | 9.8 |
| 2021-02-01 | CVE-2020-24271 | Cross-Site Request Forgery (CSRF) vulnerability in Easycms 1.6 A CSRF vulnerability was discovered in EasyCMS v1.6 that can add an admin account through index.php?s=/admin/rbacuser/insert/navTabId/rbacuser/callbackType/closeCurrent, then post username=***&password=***. | 8.8 |
| 2019-01-15 | CVE-2019-6294 | Cross-Site Request Forgery (CSRF) vulnerability in Easycms 1.5 An issue was discovered in EasyCMS 1.5. | 8.8 |
| 2018-09-17 | CVE-2018-17113 | Cross-site Scripting vulnerability in Easycms 1.5 App/Modules/Admin/Tpl/default/Public/dwz/uploadify/scripts/uploadify.swf in EasyCMS 1.5 has XSS via the uploadifyID or movieName parameter, a related issue to CVE-2018-9173. | 6.1 |
| 2018-09-10 | CVE-2018-16773 | Cross-site Scripting vulnerability in Easycms 1.5 EasyCMS 1.5 allows XSS via the index.php?s=/admin/fields/update/navTabId/listfields/callbackType/closeCurrent content field. | 4.8 |
| 2018-09-09 | CVE-2018-16759 | Cross-site Scripting vulnerability in Easycms 1.4 The removeXSS function in App/Common/common.php (called from App/Modules/Index/Action/SearchAction.class.php) in EasyCMS v1.4 allows XSS via an onhashchange event. | 6.1 |
| 2018-09-02 | CVE-2018-16345 | Cross-Site Request Forgery (CSRF) vulnerability in Easycms 1.5 An issue was discovered in EasyCMS 1.5. | 8.8 |
| 2018-06-29 | CVE-2018-12971 | Cross-Site Request Forgery (CSRF) vulnerability in Easycms 1.3 EasyCMS 1.3 has CSRF via the index.php?s=/admin/user/delAll URI to delete users. | 6.5 |
| 2018-04-25 | CVE-2018-10374 | Cross-site Scripting vulnerability in Easycms 1.3 EasyCMS 1.3 has XSS via the s POST parameter (aka a search box value) in an index.php?s=/index/search/index.html request. | 6.1 |