Vulnerabilities > Yuba > U5Cms
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-06-17 | CVE-2022-32442 | Cross-site Scripting vulnerability in Yuba U5Cms 8.3.5 u5cms version 8.3.5 is vulnerable to Cross Site Scripting (XSS). | 4.3 |
2022-06-17 | CVE-2022-32444 | Open Redirect vulnerability in Yuba U5Cms 8.3.5 An issue was discovered in u5cms verion 8.3.5 There is a URL redirection vulnerability that can cause a user's browser to be redirected to another site via /loginsave.php. | 5.8 |
2015-02-11 | CVE-2015-1578 | Open Redirection vulnerability in Yuba U5Cms 3.9.3 Multiple open redirect vulnerabilities in u5CMS before 3.9.4 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the (1) pidvesa cookie to u5admin/pidvesa.php or (2) uri parameter to u5admin/meta2.php. network yuba | 5.8 |
2015-02-11 | CVE-2015-1577 | Path Traversal vulnerability in Yuba U5Cms 3.9.3 Directory traversal vulnerability in u5admin/deletefile.php in u5CMS before 3.9.4 allows remote attackers to write to arbitrary files via a (1) .. | 6.4 |
2015-02-11 | CVE-2015-1576 | SQL Injection vulnerability in Yuba U5Cms 3.9.3 Multiple SQL injection vulnerabilities in u5CMS before 3.9.4 allow remote attackers to execute arbitrary SQL commands via the name parameter to (1) copy2.php, (2) localize.php, (3) metai.php, (4) nc.php, (5) new2.php, or (6) rename2.php in u5admin/; (7) c parameter to u5admin/editor.php; (8) typ parameter to u5admin/meta2.php; or (9) newname parameter to u5admin/rename2.php. | 7.5 |
2015-02-11 | CVE-2015-1575 | Cross-site Scripting vulnerability in Yuba U5Cms 3.9.3 Multiple cross-site scripting (XSS) vulnerabilities in u5CMS before 3.9.4 allow remote attackers to inject arbitrary web script or HTML via the (1) c, (2) i, (3) l, or (4) p parameter to index.php; the (5) a or (6) b parameter to u5admin/cookie.php; the name parameter to (7) copy.php or (8) delete.php in u5admin/; the (9) f or (10) typ parameter to u5admin/deletefile.php; the (11) n parameter to u5admin/done.php; the (12) c parameter to u5admin/editor.php; the (13) uri parameter to u5admin/meta2.php; the (14) n parameter to u5admin/notdone.php; the (15) newname parameter to u5admin/rename2.php; the (16) l parameter to u5admin/sendfile.php; the (17) s parameter to u5admin/characters.php; the (18) page parameter to u5admin/savepage.php; or the (19) name parameter to u5admin/new2.php. | 4.3 |