Vulnerabilities > Eyoucms > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-09-07 | CVE-2021-39501 | Open Redirect vulnerability in Eyoucms 1.5.4 EyouCMS 1.5.4 is vulnerable to Open Redirect. | 6.1 |
| 2021-09-07 | CVE-2021-39496 | Cross-site Scripting vulnerability in Eyoucms 1.5.4 Eyoucms 1.5.4 lacks sanitization of input data, allowing an attacker to inject malicious code into `filename` param to trigger Reflected XSS. | 5.4 |
| 2021-09-07 | CVE-2021-39499 | Cross-site Scripting vulnerability in Eyoucms 1.5.4 A Cross-site scripting (XSS) vulnerability in Users in Qiong ICP EyouCMS 1.5.4 allows remote attackers to inject arbitrary web script or HTML via the `title` parameter in bind_email function. | 6.1 |
| 2021-08-19 | CVE-2020-20645 | Cross-site Scripting vulnerability in Eyoucms 1.3.6 Cross Site Scripting (XSS) vulnerability exists in EyouCMS1.3.6 in the basic_information area. | 5.4 |
| 2021-08-18 | CVE-2020-28146 | Cross-site Scripting vulnerability in Eyoucms Cross Site Scripting (XSS) vulnerability exists in Eyoucms v1.4.7 and earlier via the addonfieldext parameter. | 6.1 |
| 2021-08-10 | CVE-2020-21929 | Cross-site Scripting vulnerability in Eyoucms 1.4.1 A stored cross site scripting (XSS) vulnerability in the web_copyright field of Eyoucms v1.4.1 allows authenticated attackers to execute arbitrary web scripts or HTML. | 5.4 |
| 2021-08-10 | CVE-2020-21930 | Cross-site Scripting vulnerability in Eyoucms 1.4.1 A stored cross site scripting (XSS) vulnerability in the web_attr_2 field of Eyoucms v1.4.1 allows authenticated attackers to execute arbitrary web scripts or HTML. | 5.4 |
| 2019-10-10 | CVE-2019-17430 | Cross-site Scripting vulnerability in Eyoucms EyouCms through 2019-07-11 has XSS related to the login.php web_recordnum parameter. | 6.1 |