Vulnerabilities > Easycms > Easycms > 1.3

DATE CVE VULNERABILITY TITLE RISK
2018-06-29 CVE-2018-12971 Cross-Site Request Forgery (CSRF) vulnerability in Easycms 1.3
EasyCMS 1.3 has CSRF via the index.php?s=/admin/user/delAll URI to delete users.
network
easycms CWE-352
5.8
5.8
2018-04-25 CVE-2018-10374 Cross-site Scripting vulnerability in Easycms 1.3
EasyCMS 1.3 has XSS via the s POST parameter (aka a search box value) in an index.php?s=/index/search/index.html request.
network
easycms CWE-79
4.3
4.3