Vulnerabilities > Yzmcms
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2025-04-08 | CVE-2025-3397 | Cross-site Scripting vulnerability in Yzmcms 7.1 A vulnerability classified as problematic has been found in YzmCMS 7.1. | 6.1 |
2024-02-06 | CVE-2024-24291 | Open Redirect vulnerability in Yzmcms 7.0 An issue in the component /member/index/login of yzmcms v7.0 allows attackers to direct users to malicious sites via a crafted URL. | 6.1 |
2024-01-11 | CVE-2023-52274 | Cross-site Scripting vulnerability in Yzmcms 7.0 member/index/register.html in YzmCMS 6.5 through 7.0 allows XSS via the Referer HTTP header. | 6.1 |
2023-08-11 | CVE-2020-23595 | Cross-Site Request Forgery (CSRF) vulnerability in Yzmcms 5.6 Cross Site Request Forgery (CSRF) vulnerability in yzmcms version 5.6, allows remote attackers to escalate privileges and gain sensitive information sitemodel/add.html endpoint. | 8.8 |
2023-06-20 | CVE-2020-20502 | Cross-Site Request Forgery (CSRF) vulnerability in Yzmcms 2.0 Cross Site Request Forgery found in yzCMS v.2.0 allows a remote attacker to execute arbitrary code via the token check function. | 6.5 |
2023-02-03 | CVE-2021-36712 | Cross-site Scripting vulnerability in Yzmcms 6.1 Cross Site Scripting (XSS) vulnerability in yzmcms 6.1 allows attackers to steal user cookies via image clipping function. | 5.4 |
2022-03-10 | CVE-2022-23383 | Improper Authentication vulnerability in Yzmcms 6.3 YzmCMS v6.3 is affected by broken access control. | 9.1 |
2022-02-15 | CVE-2022-23384 | Cross-Site Request Forgery (CSRF) vulnerability in Yzmcms 6.3 YzmCMS v6.3 is affected by Cross Site Request Forgery (CSRF) in /admin.add | 8.8 |
2022-01-28 | CVE-2022-23887 | Cross-Site Request Forgery (CSRF) vulnerability in Yzmcms 6.3 YzmCMS v6.3 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily delete user accounts via /admin/admin_manage/delete. | 6.5 |
2022-01-28 | CVE-2022-23888 | Cross-Site Request Forgery (CSRF) vulnerability in Yzmcms 6.3 YzmCMS v6.3 was discovered to contain a Cross-Site Request Forgey (CSRF) via the component /yzmcms/comment/index/init.html. | 8.8 |