Vulnerabilities > Eyoucms

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2021-09-07 | CVE-2021-39500 | Path Traversal vulnerability in Eyoucms 1.5.4 | Eyoucms 1.5.4 is vulnerable to Directory Traversal. | network; low complexity; eyoucms; CWE-22; 7.5 |
| 2021-09-07 | CVE-2021-39501 | Open Redirect vulnerability in Eyoucms 1.5.4 | EyouCMS 1.5.4 is vulnerable to Open Redirect. | network; low complexity; eyoucms; CWE-601; 6.1 |
| 2021-09-07 | CVE-2021-39496 | Cross-site Scripting vulnerability in Eyoucms 1.5.4 | Eyoucms 1.5.4 lacks sanitization of input data, allowing an attacker to inject malicious code into `filename` param to trigger Reflected XSS. | network; low complexity; eyoucms; CWE-79; 5.4 |
| 2021-09-07 | CVE-2021-39497 | Server-Side Request Forgery (SSRF) vulnerability in Eyoucms 1.5.4 | eyoucms 1.5.4 lacks sanitization of input data, allowing an attacker to inject a URL to trigger blind SSRF via the saveRemote() function. | network; low complexity; eyoucms; CWE-918; critical; 9.8 |
| 2021-09-07 | CVE-2021-39499 | Cross-site Scripting vulnerability in Eyoucms 1.5.4 | A Cross-site scripting (XSS) vulnerability in Users in Qiong ICP EyouCMS 1.5.4 allows remote attackers to inject arbitrary web script or HTML via the `title` parameter in bind_email function. | network; low complexity; eyoucms; CWE-79; 6.1 |
| 2021-08-19 | CVE-2020-20642 | Cross-Site Request Forgery (CSRF) vulnerability in Eyoucms 1.3.6 | Cross Site Request Forgery (CSRF) vulnerability exists in EyouCMS 1.3.6 that can add an htm page to execute the js code via login.php?m=admin&c=Filemanager&a=newfile&lang=cn. | network; low complexity; eyoucms; CWE-352; 8.8 |
| 2021-08-19 | CVE-2020-20645 | Cross-site Scripting vulnerability in Eyoucms 1.3.6 | Cross Site Scripting (XSS) vulnerability exists in EyouCMS 1.3.6 in the basic_information area. | network; low complexity; eyoucms; CWE-79; 5.4 |
| 2021-08-18 | CVE-2020-19669 | Cross-Site Request Forgery (CSRF) vulnerability in Eyoucms 1.3.6 | Cross Site Request Forgery (CSRF) vulnerability exists in Eyoucms 1.3.6 that can add an admin account via /login.php?m=admin&c=Admin&a=admin_add&lang=cn. | network; low complexity; eyoucms; CWE-352; 8.8 |
| 2021-08-18 | CVE-2020-28146 | Cross-site Scripting vulnerability in Eyoucms | Cross Site Scripting (XSS) vulnerability exists in Eyoucms v1.4.7 and earlier via the addonfieldext parameter. | network; low complexity; eyoucms; CWE-79; 6.1 |
| 2021-08-10 | CVE-2020-21929 | Cross-site Scripting vulnerability in Eyoucms 1.4.1 | A stored cross site scripting (XSS) vulnerability in the web_copyright field of Eyoucms v1.4.1 allows authenticated attackers to execute arbitrary web scripts or HTML. | network; low complexity; eyoucms; CWE-79; 5.4 |