Vulnerabilities > Yzmcms
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-01-28 | CVE-2022-23889 | Uncontrolled Recursion vulnerability in Yzmcms 6.3 The comment function in YzmCMS v6.3 was discovered as being able to be operated concurrently, allowing attackers to create an unusually large number of comments. | 5.3 |
| 2021-09-23 | CVE-2020-19949 | Cross-site Scripting vulnerability in Yzmcms 5.3 A cross-site scripting (XSS) vulnerability in the /link/add.html component of YzmCMS v5.3 allows attackers to execute arbitrary web scripts or HTML. | 4.8 |
| 2021-09-23 | CVE-2020-19950 | Cross-site Scripting vulnerability in Yzmcms 5.3 A cross-site scripting (XSS) vulnerability in the /banner/add.html component of YzmCMS v5.3 allows attackers to execute arbitrary web scripts or HTML. | 4.8 |
| 2021-09-23 | CVE-2020-19951 | Cross-Site Request Forgery (CSRF) vulnerability in Yzmcms 5.5 A cross-site request forgery (CSRF) in /controller/pay.class.php of YzmCMS v5.5 allows attackers to access sensitive components of the application. | 8.8 |
| 2021-09-01 | CVE-2020-20341 | Server-Side Request Forgery (SSRF) vulnerability in Yzmcms 5.5 YzmCMS v5.5 contains a server-side request forgery (SSRF) in the grab_image() function. | 7.5 |
| 2021-07-30 | CVE-2020-19118 | Cross-site Scripting vulnerability in Yzmcms 5.2 Cross Site Scripting (XSS) vulnerabiity in YzmCMS 5.2 via the site_code parameter in admin/index/init.html. | 5.4 |
| 2021-06-03 | CVE-2020-35970 | Server-Side Request Forgery (SSRF) vulnerability in Yzmcms 5.8 An issue was discovered in YzmCMS 5.8. | 7.5 |
| 2021-06-03 | CVE-2020-35971 | Cross-site Scripting vulnerability in Yzmcms 5.8 A storage XSS vulnerability is found in YzmCMS v5.8, which can be used by attackers to inject JS code and attack malicious XSS on the /admin/system_manage/user_config_edit.html page. | 5.4 |
| 2021-06-03 | CVE-2020-35972 | Cross-Site Request Forgery (CSRF) vulnerability in Yzmcms 5.8 An issue was discovered in YzmCMS V5.8. | 4.3 |
| 2021-05-10 | CVE-2020-23369 | Cross-site Scripting vulnerability in Yzmcms 5.6 In YzmCMS 5.6, XSS was discovered in member/member_content/init.html via the SRC attribute of an IFRAME element because of using UEditor 1.4.3.3. | 6.1 |