Vulnerabilities > Eyoucms > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-01-20 | CVE-2022-45539 | Cross-site Scripting vulnerability in Eyoucms EyouCMS <= 1.6.0 was discovered a reflected-XSS in FileManager component in GET value "activepath" when creating a new file. | 6.1 |
| 2023-01-20 | CVE-2022-45540 | Cross-site Scripting vulnerability in Eyoucms EyouCMS <= 1.6.0 was discovered a reflected-XSS in article type editor component in POST value "name" if the value contains a malformed UTF-8 char. | 6.1 |
| 2023-01-20 | CVE-2022-45541 | Cross-site Scripting vulnerability in Eyoucms EyouCMS <= 1.6.0 was discovered a reflected-XSS in the article attribute editor component in POST value "value" if the value contains a non-integer char. | 6.1 |
| 2023-01-20 | CVE-2022-45542 | Cross-site Scripting vulnerability in Eyoucms EyouCMS <= 1.6.0 was discovered a reflected-XSS in the FileManager component in GET parameter "filename" when editing any file. | 5.4 |
| 2022-12-15 | CVE-2021-39428 | Cross-site Scripting vulnerability in Eyoucms 1.5.4 Cross Site Scripting (XSS) vulnerability in Users.php in eyoucms 1.5.4 allows remote attackers to run arbitrary code and gain escalated privilege via the filename for edit_users_head_pic. | 5.4 |
| 2022-11-23 | CVE-2022-45280 | Cross-site Scripting vulnerability in Eyoucms 1.6.0 A cross-site scripting (XSS) vulnerability in the Url parameter in /login.php of EyouCMS v1.6.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | 5.4 |
| 2022-11-14 | CVE-2022-44389 | Cross-Site Request Forgery (CSRF) vulnerability in Eyoucms 1.5.9 EyouCMS V1.5.9-UTF8-SP1 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Edit Admin Profile module. | 6.5 |
| 2022-11-14 | CVE-2022-44390 | Cross-site Scripting vulnerability in Eyoucms 1.5.9 A cross-site scripting (XSS) vulnerability in EyouCMS V1.5.9-UTF8-SP1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Public Security Record Number text field. | 5.4 |
| 2022-08-10 | CVE-2022-35509 | Cross-site Scripting vulnerability in Eyoucms 1.5.8 An issue was discovered in EyouCMS 1.5.8. | 5.4 |
| 2022-06-24 | CVE-2022-33122 | Cross-site Scripting vulnerability in Eyoucms 1.5.6 A stored cross-site scripting (XSS) vulnerability in eyoucms v1.5.6 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the URL field under the login page. | 4.8 |