Vulnerabilities > Yzmcms

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2025-04-08 | CVE-2025-3397 | Cross-site Scripting vulnerability in Yzmcms 7.1 | A vulnerability classified as problematic has been found in YzmCMS 7.1. | network, low complexity, yzmcms CWE-79, 6.1 |
| 2024-02-06 | CVE-2024-24291 | Open Redirect vulnerability in Yzmcms 7.0 | An issue in the component /member/index/login of yzmcms v7.0 allows attackers to direct users to malicious sites via a crafted URL. | network, low complexity, yzmcms CWE-601, 6.1 |
| 2024-01-11 | CVE-2023-52274 | Cross-site Scripting vulnerability in Yzmcms 7.0 | member/index/register.html in YzmCMS 6.5 through 7.0 allows XSS via the Referer HTTP header. | network, low complexity, yzmcms CWE-79, 6.1 |
| 2023-08-11 | CVE-2020-23595 | Cross-Site Request Forgery (CSRF) vulnerability in Yzmcms 5.6 | Cross Site Request Forgery (CSRF) vulnerability in yzmcms version 5.6 allows remote attackers to escalate privileges and gain sensitive information via the sitemodel/add.html endpoint. | network, low complexity, yzmcms CWE-352, 8.8 |
| 2023-06-20 | CVE-2020-20502 | Cross-Site Request Forgery (CSRF) vulnerability in Yzmcms 2.0 | Cross Site Request Forgery found in YzmCMS v.2.0 allows a remote attacker to execute arbitrary code via the token check function. | network, low complexity, yzmcms CWE-352, 6.5 |
| 2023-02-03 | CVE-2021-36712 | Cross-site Scripting vulnerability in Yzmcms 6.1 | Cross Site Scripting (XSS) vulnerability in yzmcms 6.1 allows attackers to steal user cookies via image clipping function. | network, low complexity, yzmcms CWE-79, 5.4 |
| 2022-03-10 | CVE-2022-23383 | Improper Authentication vulnerability in Yzmcms 6.3 | YzmCMS v6.3 is affected by broken access control. | network, low complexity, yzmcms CWE-287, critical, 9.1 |
| 2022-02-15 | CVE-2022-23384 | Cross-Site Request Forgery (CSRF) vulnerability in Yzmcms 6.3 | YzmCMS v6.3 is affected by Cross Site Request Forgery (CSRF) in /admin.add. | network, low complexity, yzmcms CWE-352, 8.8 |
| 2022-01-28 | CVE-2022-23887 | Cross-Site Request Forgery (CSRF) vulnerability in Yzmcms 6.3 | YzmCMS v6.3 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily delete user accounts via /admin/admin_manage/delete. | network, low complexity, yzmcms CWE-352, 6.5 |
| 2022-01-28 | CVE-2022-23888 | Cross-Site Request Forgery (CSRF) vulnerability in Yzmcms 6.3 | YzmCMS v6.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /yzmcms/comment/index/init.html. | network, low complexity, yzmcms CWE-352, 8.8 |