Vulnerabilities > Eyoucms
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-09-07 | CVE-2021-39499 | Cross-site Scripting vulnerability in Eyoucms 1.5.4 A Cross-site scripting (XSS) vulnerability in Users in Qiong ICP EyouCMS 1.5.4 allows remote attackers to inject arbitrary web script or HTML via the `title` parameter in bind_email function. | 4.3 |
| 2021-08-19 | CVE-2020-20642 | Cross-Site Request Forgery (CSRF) vulnerability in Eyoucms 1.3.6 Cross Site Request Forgery (CSRF) vulnerability exists in EyouCMS 1.3.6 that can add an htm page to execute the js code via login.php?m=admin&c=Filemanager&a=newfile&lang=cn. | 6.8 |
| 2021-08-19 | CVE-2020-20645 | Cross-site Scripting vulnerability in Eyoucms 1.3.6 Cross Site Scripting (XSS) vulnerability exists in EyouCMS1.3.6 in the basic_information area. | 3.5 |
| 2021-08-18 | CVE-2020-19669 | Cross-Site Request Forgery (CSRF) vulnerability in Eyoucms 1.3.6 Cross Site Request Forgery (CSRF) vulnerability exists in Eyoucms 1.3.6 that can add an admin account via /login.php?m=admin&c=Admin&a=admin_add&lang=cn. | 6.8 |
| 2021-08-18 | CVE-2020-28146 | Cross-site Scripting vulnerability in Eyoucms Cross Site Scripting (XSS) vulnerability exists in Eyoucms v1.4.7 and earlier via the addonfieldext parameter. | 4.3 |
| 2021-08-10 | CVE-2020-21929 | Cross-site Scripting vulnerability in Eyoucms 1.4.1 A stored cross site scripting (XSS) vulnerability in the web_copyright field of Eyoucms v1.4.1 allows authenticated attackers to execute arbitrary web scripts or HTML. | 3.5 |
| 2021-08-10 | CVE-2020-21930 | Cross-site Scripting vulnerability in Eyoucms 1.4.1 A stored cross site scripting (XSS) vulnerability in the web_attr_2 field of Eyoucms v1.4.1 allows authenticated attackers to execute arbitrary web scripts or HTML. | 3.5 |
| 2020-10-22 | CVE-2020-18129 | Cross-Site Request Forgery (CSRF) vulnerability in Eyoucms 1.2.7 A CSRF vulnerability in Eyoucms v1.2.7 allows an attacker to add an admin account via login.php. | 6.8 |
| 2019-10-10 | CVE-2019-17430 | Cross-site Scripting vulnerability in Eyoucms EyouCms through 2019-07-11 has XSS related to the login.php web_recordnum parameter. | 4.3 |