Vulnerabilities > Eyoucms

DATE CVE VULNERABILITY TITLE RISK
2023-05-23 CVE-2023-31708 Cross-Site Request Forgery (CSRF) vulnerability in Eyoucms 1.6.2
A Cross-Site Request Forgery (CSRF) in EyouCMS v1.6.2 allows attackers to execute arbitrary commands via a supplying a crafted HTML file to the Upload software format function.
network
low complexity
eyoucms CWE-352
4.3
4.3
2023-04-28 CVE-2023-30125 Cross-site Scripting vulnerability in Eyoucms 1.6.1Utf8Sp1
EyouCms V1.6.1-UTF8-sp1 is vulnerable to Cross Site Scripting (XSS).
network
low complexity
eyoucms CWE-79
6.1
6.1
2023-04-14 CVE-2023-2057 Cross-site Scripting vulnerability in Eyoucms 1.5.4
A vulnerability was found in EyouCms 1.5.4.
network
low complexity
eyoucms CWE-79
6.1
6.1
2023-04-14 CVE-2023-2058 Cross-site Scripting vulnerability in Eyoucms
A vulnerability was found in EyouCms up to 1.6.2.
network
low complexity
eyoucms CWE-79
6.1
6.1
2023-02-08 CVE-2022-45755 Cross-site Scripting vulnerability in Eyoucms 1.6.0
Cross-site scripting (XSS) vulnerability in EyouCMS v1.6.0 allows attackers to execute arbitrary code via the home page description on the basic information page.
network
low complexity
eyoucms CWE-79
5.4
5.4
2023-01-20 CVE-2022-45537 Cross-site Scripting vulnerability in Eyoucms
EyouCMS <= 1.6.0 was discovered a reflected-XSS in the article publish component in cookie "ENV_LIST_URL".
network
low complexity
eyoucms CWE-79
6.1
6.1
2023-01-20 CVE-2022-45538 Cross-site Scripting vulnerability in Eyoucms
EyouCMS <= 1.6.0 was discovered a reflected-XSS in the article publish component in cookie "ENV_GOBACK_URL".
network
low complexity
eyoucms CWE-79
6.1
6.1
2023-01-20 CVE-2022-45539 Cross-site Scripting vulnerability in Eyoucms
EyouCMS <= 1.6.0 was discovered a reflected-XSS in FileManager component in GET value "activepath" when creating a new file.
network
low complexity
eyoucms CWE-79
6.1
6.1
2023-01-20 CVE-2022-45540 Cross-site Scripting vulnerability in Eyoucms
EyouCMS <= 1.6.0 was discovered a reflected-XSS in article type editor component in POST value "name" if the value contains a malformed UTF-8 char.
network
low complexity
eyoucms CWE-79
6.1
6.1
2023-01-20 CVE-2022-45541 Cross-site Scripting vulnerability in Eyoucms
EyouCMS <= 1.6.0 was discovered a reflected-XSS in the article attribute editor component in POST value "value" if the value contains a non-integer char.
network
low complexity
eyoucms CWE-79
6.1
6.1