Vulnerabilities > Eyoucms > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-01-20 | CVE-2022-45540 | Cross-site Scripting vulnerability in Eyoucms EyouCMS <= 1.6.0 was discovered a reflected-XSS in article type editor component in POST value "name" if the value contains a malformed UTF-8 char. | 6.1 |
| 2023-01-20 | CVE-2022-45541 | Cross-site Scripting vulnerability in Eyoucms EyouCMS <= 1.6.0 was discovered a reflected-XSS in the article attribute editor component in POST value "value" if the value contains a non-integer char. | 6.1 |
| 2023-01-20 | CVE-2022-45542 | Cross-site Scripting vulnerability in Eyoucms EyouCMS <= 1.6.0 was discovered a reflected-XSS in the FileManager component in GET parameter "filename" when editing any file. | 5.4 |
| 2022-12-15 | CVE-2021-39428 | Cross-site Scripting vulnerability in Eyoucms 1.5.4 Cross Site Scripting (XSS) vulnerability in Users.php in eyoucms 1.5.4 allows remote attackers to run arbitrary code and gain escalated privilege via the filename for edit_users_head_pic. | 5.4 |
| 2022-11-23 | CVE-2022-45280 | Cross-site Scripting vulnerability in Eyoucms 1.6.0 A cross-site scripting (XSS) vulnerability in the Url parameter in /login.php of EyouCMS v1.6.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | 5.4 |
| 2022-11-14 | CVE-2022-44389 | Cross-Site Request Forgery (CSRF) vulnerability in Eyoucms 1.5.9 EyouCMS V1.5.9-UTF8-SP1 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Edit Admin Profile module. | 6.5 |
| 2022-11-14 | CVE-2022-44390 | Cross-site Scripting vulnerability in Eyoucms 1.5.9 A cross-site scripting (XSS) vulnerability in EyouCMS V1.5.9-UTF8-SP1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Public Security Record Number text field. | 5.4 |
| 2022-03-20 | CVE-2021-42194 | XXE vulnerability in Eyoucms 1.5.4 The wechat_return function in /controller/Index.php of EyouCms V1.5.4-UTF8-SP3 passes the user's input directly into the simplexml_ load_ String function, which itself does not prohibit external entities, triggering a XML external entity (XXE) injection vulnerability. | 6.5 |
| 2022-01-14 | CVE-2021-46255 | Unspecified vulnerability in Eyoucms 1.5.5Utf8Sp31 eyouCMS V1.5.5-UTF8-SP3_1 suffers from Arbitrary file deletion due to insufficient filtering of the parameter filename. | 5.5 |
| 2021-09-07 | CVE-2021-39500 | Path Traversal vulnerability in Eyoucms 1.5.4 Eyoucms 1.5.4 is vulnerable to Directory Traversal. | 5.0 |