Vulnerabilities > Yzmcms

DATE CVE VULNERABILITY TITLE RISK
2021-09-23 CVE-2020-19949 Cross-site Scripting vulnerability in Yzmcms 5.3
A cross-site scripting (XSS) vulnerability in the /link/add.html component of YzmCMS v5.3 allows attackers to execute arbitrary web scripts or HTML.
network
yzmcms CWE-79
3.5
3.5
2021-09-23 CVE-2020-19950 Cross-site Scripting vulnerability in Yzmcms 5.3
A cross-site scripting (XSS) vulnerability in the /banner/add.html component of YzmCMS v5.3 allows attackers to execute arbitrary web scripts or HTML.
network
yzmcms CWE-79
3.5
3.5
2021-09-23 CVE-2020-19951 Cross-Site Request Forgery (CSRF) vulnerability in Yzmcms 5.5
A cross-site request forgery (CSRF) in /controller/pay.class.php of YzmCMS v5.5 allows attackers to access sensitive components of the application.
network
yzmcms CWE-352
6.8
6.8
2021-09-01 CVE-2020-20341 Server-Side Request Forgery (SSRF) vulnerability in Yzmcms 5.5
YzmCMS v5.5 contains a server-side request forgery (SSRF) in the grab_image() function.
network
low complexity
yzmcms CWE-918
5.0
5.0
2021-07-30 CVE-2020-19118 Cross-site Scripting vulnerability in Yzmcms 5.2
Cross Site Scripting (XSS) vulnerabiity in YzmCMS 5.2 via the site_code parameter in admin/index/init.html.
network
yzmcms CWE-79
3.5
3.5
2021-06-03 CVE-2020-35970 Server-Side Request Forgery (SSRF) vulnerability in Yzmcms 5.8
An issue was discovered in YzmCMS 5.8.
network
low complexity
yzmcms CWE-918
5.0
5.0
2021-06-03 CVE-2020-35971 Cross-site Scripting vulnerability in Yzmcms 5.8
A storage XSS vulnerability is found in YzmCMS v5.8, which can be used by attackers to inject JS code and attack malicious XSS on the /admin/system_manage/user_config_edit.html page.
network
yzmcms CWE-79
3.5
3.5
2021-06-03 CVE-2020-35972 Cross-Site Request Forgery (CSRF) vulnerability in Yzmcms 5.8
An issue was discovered in YzmCMS V5.8.
network
yzmcms CWE-352
4.3
4.3
2021-05-10 CVE-2020-23369 Cross-site Scripting vulnerability in Yzmcms 5.6
In YzmCMS 5.6, XSS was discovered in member/member_content/init.html via the SRC attribute of an IFRAME element because of using UEditor 1.4.3.3.
network
yzmcms CWE-79
4.3
4.3
2021-05-10 CVE-2020-23370 Cross-site Scripting vulnerability in Yzmcms 5.6
In YzmCMS 5.6, stored XSS exists via the common/static/plugin/ueditor/1.4.3.3/php/controller.php action parameter, which allows remote attackers to upload a swf file.
network
yzmcms CWE-79
3.5
3.5