Vulnerabilities > Eyoucms > Eyoucms > 1.5.4
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-12-15 | CVE-2021-39428 | Cross-site Scripting vulnerability in Eyoucms 1.5.4 Cross Site Scripting (XSS) vulnerability in Users.php in eyoucms 1.5.4 allows remote attackers to run arbitrary code and gain escalated privilege via the filename for edit_users_head_pic. | 5.4 |
| 2022-03-28 | CVE-2022-26273 | Unspecified vulnerability in Eyoucms 1.5.4 EyouCMS v1.5.4 was discovered to lack parameter filtering in \user\controller\shop.php, leading to payment logic vulnerabilities. | 7.5 |
| 2022-03-20 | CVE-2021-42194 | XXE vulnerability in Eyoucms 1.5.4 The wechat_return function in /controller/Index.php of EyouCms V1.5.4-UTF8-SP3 passes the user's input directly into the simplexml_ load_ String function, which itself does not prohibit external entities, triggering a XML external entity (XXE) injection vulnerability. | 6.5 |
| 2021-09-07 | CVE-2021-39500 | Path Traversal vulnerability in Eyoucms 1.5.4 Eyoucms 1.5.4 is vulnerable to Directory Traversal. | 5.0 |
| 2021-09-07 | CVE-2021-39501 | Open Redirect vulnerability in Eyoucms 1.5.4 EyouCMS 1.5.4 is vulnerable to Open Redirect. | 5.8 |
| 2021-09-07 | CVE-2021-39496 | Cross-site Scripting vulnerability in Eyoucms 1.5.4 Eyoucms 1.5.4 lacks sanitization of input data, allowing an attacker to inject malicious code into `filename` param to trigger Reflected XSS. | 3.5 |
| 2021-09-07 | CVE-2021-39497 | Server-Side Request Forgery (SSRF) vulnerability in Eyoucms 1.5.4 eyoucms 1.5.4 lacks sanitization of input data, allowing an attacker to inject a url to trigger blind SSRF via the saveRemote() function. | 7.5 |
| 2021-09-07 | CVE-2021-39499 | Cross-site Scripting vulnerability in Eyoucms 1.5.4 A Cross-site scripting (XSS) vulnerability in Users in Qiong ICP EyouCMS 1.5.4 allows remote attackers to inject arbitrary web script or HTML via the `title` parameter in bind_email function. | 4.3 |