Vulnerabilities > Eyoucms > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-09-07 | CVE-2021-39501 | Open Redirect vulnerability in Eyoucms 1.5.4 EyouCMS 1.5.4 is vulnerable to Open Redirect. | 5.8 |
| 2021-09-07 | CVE-2021-39499 | Cross-site Scripting vulnerability in Eyoucms 1.5.4 A Cross-site scripting (XSS) vulnerability in Users in Qiong ICP EyouCMS 1.5.4 allows remote attackers to inject arbitrary web script or HTML via the `title` parameter in bind_email function. | 4.3 |
| 2021-08-19 | CVE-2020-20642 | Cross-Site Request Forgery (CSRF) vulnerability in Eyoucms 1.3.6 Cross Site Request Forgery (CSRF) vulnerability exists in EyouCMS 1.3.6 that can add an htm page to execute the js code via login.php?m=admin&c=Filemanager&a=newfile&lang=cn. | 6.8 |
| 2021-08-18 | CVE-2020-19669 | Cross-Site Request Forgery (CSRF) vulnerability in Eyoucms 1.3.6 Cross Site Request Forgery (CSRF) vulnerability exists in Eyoucms 1.3.6 that can add an admin account via /login.php?m=admin&c=Admin&a=admin_add&lang=cn. | 6.8 |
| 2021-08-18 | CVE-2020-28146 | Cross-site Scripting vulnerability in Eyoucms Cross Site Scripting (XSS) vulnerability exists in Eyoucms v1.4.7 and earlier via the addonfieldext parameter. | 4.3 |
| 2020-10-22 | CVE-2020-18129 | Cross-Site Request Forgery (CSRF) vulnerability in Eyoucms 1.2.7 A CSRF vulnerability in Eyoucms v1.2.7 allows an attacker to add an admin account via login.php. | 6.8 |
| 2019-10-10 | CVE-2019-17430 | Cross-site Scripting vulnerability in Eyoucms EyouCms through 2019-07-11 has XSS related to the login.php web_recordnum parameter. | 4.3 |