Vulnerabilities > Easycms > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-09-17 | CVE-2018-17113 | Cross-site Scripting vulnerability in Easycms 1.5 App/Modules/Admin/Tpl/default/Public/dwz/uploadify/scripts/uploadify.swf in EasyCMS 1.5 has XSS via the uploadifyID or movieName parameter, a related issue to CVE-2018-9173. | 6.1 |
| 2018-09-10 | CVE-2018-16773 | Cross-site Scripting vulnerability in Easycms 1.5 EasyCMS 1.5 allows XSS via the index.php?s=/admin/fields/update/navTabId/listfields/callbackType/closeCurrent content field. | 4.8 |
| 2018-09-09 | CVE-2018-16759 | Cross-site Scripting vulnerability in Easycms 1.4 The removeXSS function in App/Common/common.php (called from App/Modules/Index/Action/SearchAction.class.php) in EasyCMS v1.4 allows XSS via an onhashchange event. | 6.1 |
| 2018-06-29 | CVE-2018-12971 | Cross-Site Request Forgery (CSRF) vulnerability in Easycms 1.3 EasyCMS 1.3 has CSRF via the index.php?s=/admin/user/delAll URI to delete users. | 6.5 |
| 2018-04-25 | CVE-2018-10374 | Cross-site Scripting vulnerability in Easycms 1.3 EasyCMS 1.3 has XSS via the s POST parameter (aka a search box value) in an index.php?s=/index/search/index.html request. | 6.1 |