Vulnerabilities > Yzmcms

DATE CVE VULNERABILITY TITLE RISK
2023-02-03 CVE-2021-36712 Cross-site Scripting vulnerability in Yzmcms 6.1
Cross Site Scripting (XSS) vulnerability in yzmcms 6.1 allows attackers to steal user cookies via image clipping function.
network
low complexity
yzmcms CWE-79
5.4
5.4
2022-03-10 CVE-2022-23383 Improper Authentication vulnerability in Yzmcms 6.3
YzmCMS v6.3 is affected by broken access control.
network
low complexity
yzmcms CWE-287
6.4
6.4
2022-02-15 CVE-2022-23384 Cross-Site Request Forgery (CSRF) vulnerability in Yzmcms 6.3
YzmCMS v6.3 is affected by Cross Site Request Forgery (CSRF) in /admin.add
network
yzmcms CWE-352
6.8
6.8
2022-01-28 CVE-2022-23887 Cross-Site Request Forgery (CSRF) vulnerability in Yzmcms 6.3
YzmCMS v6.3 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily delete user accounts via /admin/admin_manage/delete.
network
yzmcms CWE-352
4.3
4.3
2022-01-28 CVE-2022-23888 Cross-Site Request Forgery (CSRF) vulnerability in Yzmcms 6.3
YzmCMS v6.3 was discovered to contain a Cross-Site Request Forgey (CSRF) via the component /yzmcms/comment/index/init.html.
network
yzmcms CWE-352
6.8
6.8
2022-01-28 CVE-2022-23889 Uncontrolled Recursion vulnerability in Yzmcms 6.3
The comment function in YzmCMS v6.3 was discovered as being able to be operated concurrently, allowing attackers to create an unusually large number of comments.
network
low complexity
yzmcms CWE-674
5.0
5.0
2021-09-23 CVE-2020-19949 Cross-site Scripting vulnerability in Yzmcms 5.3
A cross-site scripting (XSS) vulnerability in the /link/add.html component of YzmCMS v5.3 allows attackers to execute arbitrary web scripts or HTML.
network
yzmcms CWE-79
3.5
3.5
2021-09-23 CVE-2020-19950 Cross-site Scripting vulnerability in Yzmcms 5.3
A cross-site scripting (XSS) vulnerability in the /banner/add.html component of YzmCMS v5.3 allows attackers to execute arbitrary web scripts or HTML.
network
yzmcms CWE-79
3.5
3.5
2021-09-23 CVE-2020-19951 Cross-Site Request Forgery (CSRF) vulnerability in Yzmcms 5.5
A cross-site request forgery (CSRF) in /controller/pay.class.php of YzmCMS v5.5 allows attackers to access sensitive components of the application.
network
yzmcms CWE-352
6.8
6.8
2021-09-01 CVE-2020-20341 Server-Side Request Forgery (SSRF) vulnerability in Yzmcms 5.5
YzmCMS v5.5 contains a server-side request forgery (SSRF) in the grab_image() function.
network
low complexity
yzmcms CWE-918
5.0
5.0