Vulnerabilities > Yzmcms

DATE	CVE	VULNERABILITY TITLE	RISK
2025-04-08	CVE-2025-3397	Cross-site Scripting vulnerability in Yzmcms 7.1 A vulnerability classified as problematic has been found in YzmCMS 7.1. network low complexity yzmcms CWE-79	6.1
2024-02-06	CVE-2024-24291	Open Redirect vulnerability in Yzmcms 7.0 An issue in the component /member/index/login of yzmcms v7.0 allows attackers to direct users to malicious sites via a crafted URL. network low complexity yzmcms CWE-601	6.1
2024-01-11	CVE-2023-52274	Cross-site Scripting vulnerability in Yzmcms 7.0 member/index/register.html in YzmCMS 6.5 through 7.0 allows XSS via the Referer HTTP header. network low complexity yzmcms CWE-79	6.1
2023-08-11	CVE-2020-23595	Cross-Site Request Forgery (CSRF) vulnerability in Yzmcms 5.6 Cross Site Request Forgery (CSRF) vulnerability in yzmcms version 5.6, allows remote attackers to escalate privileges and gain sensitive information sitemodel/add.html endpoint. network low complexity yzmcms CWE-352	8.8
2023-06-20	CVE-2020-20502	Cross-Site Request Forgery (CSRF) vulnerability in Yzmcms 2.0 Cross Site Request Forgery found in yzCMS v.2.0 allows a remote attacker to execute arbitrary code via the token check function. network low complexity yzmcms CWE-352	6.5
2023-02-03	CVE-2021-36712	Cross-site Scripting vulnerability in Yzmcms 6.1 Cross Site Scripting (XSS) vulnerability in yzmcms 6.1 allows attackers to steal user cookies via image clipping function. network low complexity yzmcms CWE-79	5.4
2022-03-10	CVE-2022-23383	Improper Authentication vulnerability in Yzmcms 6.3 YzmCMS v6.3 is affected by broken access control. network low complexity yzmcms CWE-287 critical	9.1
2022-02-15	CVE-2022-23384	Cross-Site Request Forgery (CSRF) vulnerability in Yzmcms 6.3 YzmCMS v6.3 is affected by Cross Site Request Forgery (CSRF) in /admin.add network low complexity yzmcms CWE-352	8.8
2022-01-28	CVE-2022-23887	Cross-Site Request Forgery (CSRF) vulnerability in Yzmcms 6.3 YzmCMS v6.3 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily delete user accounts via /admin/admin_manage/delete. network low complexity yzmcms CWE-352	6.5
2022-01-28	CVE-2022-23888	Cross-Site Request Forgery (CSRF) vulnerability in Yzmcms 6.3 YzmCMS v6.3 was discovered to contain a Cross-Site Request Forgey (CSRF) via the component /yzmcms/comment/index/init.html. network low complexity yzmcms CWE-352	8.8

Vulnerabilities > Yzmcms {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Yzmcms"}]}

Vulnerabilities > Yzmcms