Vulnerabilities > Xyhcms > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-10-06 | CVE-2020-21656 | Cross-site Scripting vulnerability in Xyhcms 3.6 XYHCMS v3.6 contains a stored cross-site scripting (XSS) vulnerability in the component xyhai.php?s=/Link/index. | 5.4 |
| 2021-07-08 | CVE-2020-20586 | Cross-Site Request Forgery (CSRF) vulnerability in Xyhcms 3.6 A cross site request forgery (CSRF) vulnerability in the /xyhai.php?s=/Auth/editUser URI of XYHCMS V3.6 allows attackers to edit any information of the administrator such as the name, e-mail, and password. | 4.5 |