Vulnerabilities > Yfcmf
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-05-14 | CVE-2020-23691 | Unspecified vulnerability in Yfcmf 2.3.1 YFCMF v2.3.1 has a Remote Command Execution (RCE) vulnerability in the index.php. | 9.8 |
| 2021-05-14 | CVE-2020-23689 | Cross-site Scripting vulnerability in Yfcmf 2.3.1 In YFCMF v2.3.1, there is a stored XSS vulnerability in the comments section of the news page. | 4.8 |
| 2018-09-04 | CVE-2018-16431 | Cross-Site Request Forgery (CSRF) vulnerability in Yfcmf 3.0 admin/admin/adminsave.html in YFCMF v3.0 allows CSRF to add an administrator account. | 8.8 |