Vulnerabilities > Yzmcms

DATE	CVE	VULNERABILITY TITLE	RISK
2021-09-23	CVE-2020-19949	Cross-site Scripting vulnerability in Yzmcms 5.3 A cross-site scripting (XSS) vulnerability in the /link/add.html component of YzmCMS v5.3 allows attackers to execute arbitrary web scripts or HTML. network low complexity yzmcms CWE-79	4.8
2021-09-23	CVE-2020-19950	Cross-site Scripting vulnerability in Yzmcms 5.3 A cross-site scripting (XSS) vulnerability in the /banner/add.html component of YzmCMS v5.3 allows attackers to execute arbitrary web scripts or HTML. network low complexity yzmcms CWE-79	4.8
2021-09-23	CVE-2020-19951	Cross-Site Request Forgery (CSRF) vulnerability in Yzmcms 5.5 A cross-site request forgery (CSRF) in /controller/pay.class.php of YzmCMS v5.5 allows attackers to access sensitive components of the application. network low complexity yzmcms CWE-352	8.8
2021-09-01	CVE-2020-20341	Server-Side Request Forgery (SSRF) vulnerability in Yzmcms 5.5 YzmCMS v5.5 contains a server-side request forgery (SSRF) in the grab_image() function. network low complexity yzmcms CWE-918	7.5
2021-07-30	CVE-2020-19118	Cross-site Scripting vulnerability in Yzmcms 5.2 Cross Site Scripting (XSS) vulnerabiity in YzmCMS 5.2 via the site_code parameter in admin/index/init.html. network low complexity yzmcms CWE-79	5.4
2021-06-03	CVE-2020-35970	Server-Side Request Forgery (SSRF) vulnerability in Yzmcms 5.8 An issue was discovered in YzmCMS 5.8. network low complexity yzmcms CWE-918	7.5
2021-06-03	CVE-2020-35971	Cross-site Scripting vulnerability in Yzmcms 5.8 A storage XSS vulnerability is found in YzmCMS v5.8, which can be used by attackers to inject JS code and attack malicious XSS on the /admin/system_manage/user_config_edit.html page. network low complexity yzmcms CWE-79	5.4
2021-06-03	CVE-2020-35972	Cross-Site Request Forgery (CSRF) vulnerability in Yzmcms 5.8 An issue was discovered in YzmCMS V5.8. network low complexity yzmcms CWE-352	4.3
2021-05-10	CVE-2020-23369	Cross-site Scripting vulnerability in Yzmcms 5.6 In YzmCMS 5.6, XSS was discovered in member/member_content/init.html via the SRC attribute of an IFRAME element because of using UEditor 1.4.3.3. network low complexity yzmcms CWE-79	6.1
2021-05-10	CVE-2020-23370	Cross-site Scripting vulnerability in Yzmcms 5.6 In YzmCMS 5.6, stored XSS exists via the common/static/plugin/ueditor/1.4.3.3/php/controller.php action parameter, which allows remote attackers to upload a swf file. network low complexity yzmcms CWE-79	5.4

Vulnerabilities > Yzmcms {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Yzmcms"}]}

Vulnerabilities > Yzmcms