Vulnerabilities > Yunucms > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-08-12 | CVE-2020-18445 | Cross-site Scripting vulnerability in Yunucms 1.1.9 Cross Site Scripting (XSS) vulnerability exists in YUNUCMS 1.1.9 via the upurl function in Page.php. | 4.3 |
| 2019-01-04 | CVE-2019-5311 | Cross-site Scripting vulnerability in Yunucms 1.1.8 An issue was discovered in YUNUCMS V1.1.8. | 4.3 |
| 2019-01-04 | CVE-2019-5310 | Cross-site Scripting vulnerability in Yunucms 1.1.8 YUNUCMS 1.1.8 has XSS in app/admin/controller/System.php because crafted data can be written to the sys.php file, as demonstrated by site_title in an admin/system/basic POST request. | 4.3 |
| 2018-11-11 | CVE-2018-19181 | Path Traversal vulnerability in Yunucms 1.1.5 statics/ueditor/php/vendor/Local.class.php in YUNUCMS 1.1.5 allows arbitrary file deletion via the statics/ueditor/php/controller.php?action=remove key parameter, as demonstrated by using directory traversal to delete the install.lock file. | 6.4 |
| 2018-09-22 | CVE-2018-17322 | Cross-site Scripting vulnerability in Yunucms 1.1.4 Cross-site scripting (XSS) vulnerability in index.php/index/category/index in YUNUCMS 1.1.4 allows remote attackers to inject arbitrary web script or HTML via the area parameter. | 4.3 |