Vulnerabilities > Eyoucms

DATE CVE VULNERABILITY TITLE RISK
2023-01-20 CVE-2022-45540 Cross-site Scripting vulnerability in Eyoucms
EyouCMS <= 1.6.0 was discovered a reflected-XSS in article type editor component in POST value "name" if the value contains a malformed UTF-8 char.
network
low complexity
eyoucms CWE-79
6.1
2023-01-20 CVE-2022-45541 Cross-site Scripting vulnerability in Eyoucms
EyouCMS <= 1.6.0 was discovered a reflected-XSS in the article attribute editor component in POST value "value" if the value contains a non-integer char.
network
low complexity
eyoucms CWE-79
6.1
2023-01-20 CVE-2022-45542 Cross-site Scripting vulnerability in Eyoucms
EyouCMS <= 1.6.0 was discovered a reflected-XSS in the FileManager component in GET parameter "filename" when editing any file.
network
low complexity
eyoucms CWE-79
5.4
2022-12-15 CVE-2021-39428 Cross-site Scripting vulnerability in Eyoucms 1.5.4
Cross Site Scripting (XSS) vulnerability in Users.php in eyoucms 1.5.4 allows remote attackers to run arbitrary code and gain escalated privilege via the filename for edit_users_head_pic.
network
low complexity
eyoucms CWE-79
5.4
2022-11-23 CVE-2022-45280 Cross-site Scripting vulnerability in Eyoucms 1.6.0
A cross-site scripting (XSS) vulnerability in the Url parameter in /login.php of EyouCMS v1.6.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
network
low complexity
eyoucms CWE-79
5.4
2022-11-14 CVE-2022-43323 Cross-Site Request Forgery (CSRF) vulnerability in Eyoucms 1.5.9
EyouCMS V1.5.9-UTF8-SP1 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Top Up Balance component under the Edit Member module.
network
low complexity
eyoucms CWE-352
8.8
2022-11-14 CVE-2022-44387 Cross-Site Request Forgery (CSRF) vulnerability in Eyoucms 1.5.9
EyouCMS V1.5.9-UTF8-SP1 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Basic Information component under the Edit Member module.
network
low complexity
eyoucms CWE-352
8.8
2022-11-14 CVE-2022-44389 Cross-Site Request Forgery (CSRF) vulnerability in Eyoucms 1.5.9
EyouCMS V1.5.9-UTF8-SP1 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Edit Admin Profile module.
network
low complexity
eyoucms CWE-352
6.5
2022-11-14 CVE-2022-44390 Cross-site Scripting vulnerability in Eyoucms 1.5.9
A cross-site scripting (XSS) vulnerability in EyouCMS V1.5.9-UTF8-SP1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Public Security Record Number text field.
network
low complexity
eyoucms CWE-79
5.4
2022-10-18 CVE-2022-41500 Cross-Site Request Forgery (CSRF) vulnerability in Eyoucms 1.5.9
EyouCMS V1.5.9 was discovered to contain multiple Cross-Site Request Forgery (CSRF) vulnerabilities via the Members Center, Editorial Membership, and Points Recharge components.
network
low complexity
eyoucms CWE-352
8.8