Vulnerabilities > Xyhcms

DATE	CVE	VULNERABILITY TITLE	RISK
2021-10-06	CVE-2020-21656	Cross-site Scripting vulnerability in Xyhcms 3.6 XYHCMS v3.6 contains a stored cross-site scripting (XSS) vulnerability in the component xyhai.php?s=/Link/index. network low complexity xyhcms CWE-79	5.4
2021-07-08	CVE-2020-20586	Cross-Site Request Forgery (CSRF) vulnerability in Xyhcms 3.6 A cross site request forgery (CSRF) vulnerability in the /xyhai.php?s=/Auth/editUser URI of XYHCMS V3.6 allows attackers to edit any information of the administrator such as the name, e-mail, and password. network low complexity xyhcms CWE-352	4.5
2018-07-24	CVE-2018-14583	Cross-Site Request Forgery (CSRF) vulnerability in Xyhcms 3.5 xyhai.php?s=/Auth/addUser in XYHCMS 3.5 allows CSRF to add a background administrator account. network low complexity xyhcms CWE-352	8.8

Vulnerabilities > Xyhcms {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Xyhcms"}]}