Vulnerabilities > Yzmcms
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-04-30 | CVE-2020-18084 | Cross-site Scripting vulnerability in Yzmcms 5.2 Cross Site Scripting (XSS) in yzmCMS v5.2 allows remote attackers to execute arbitrary code by injecting commands into the "referer" field of a POST request to the component "/member/index/login.html" when logging in. | 6.1 |
| 2020-11-19 | CVE-2020-22394 | Cross-site Scripting vulnerability in Yzmcms 5.5 In YzmCMS v5.5 the member contribution function in the editor contains a cross-site scripting (XSS) vulnerability. | 6.1 |
| 2019-09-26 | CVE-2019-16532 | Injection vulnerability in Yzmcms 5.3 An HTTP Host header injection vulnerability exists in YzmCMS V5.3. | 6.1 |
| 2019-09-21 | CVE-2019-16678 | Cross-Site Request Forgery (CSRF) vulnerability in Yzmcms 5.3 admin/urlrule/add.html in YzmCMS 5.3 allows CSRF with a resultant denial of service by adding a superseding route. | 6.5 |
| 2019-06-20 | CVE-2018-16247 | Cross-site Scripting vulnerability in Yzmcms 5.1 YzmCMS 5.1 has XSS via the admin/system_manage/user_config_add.html title parameter. | 5.4 |
| 2019-03-11 | CVE-2019-9661 | Cross-site Scripting vulnerability in Yzmcms 5.2 Stored XSS exists in YzmCMS 5.2 via the admin/system_manage/user_config_edit.html "value" parameter, | 4.8 |
| 2019-03-11 | CVE-2019-9660 | Cross-site Scripting vulnerability in Yzmcms 5.2 Stored XSS exists in YzmCMS 5.2 via the admin/category/edit.html "catname" parameter. | 4.8 |
| 2019-03-05 | CVE-2019-9570 | Cross-site Scripting vulnerability in Yzmcms 5.2.0 An issue was discovered in YzmCMS 5.2.0. | 4.8 |
| 2018-12-10 | CVE-2018-20015 | Cross-Site Request Forgery (CSRF) vulnerability in Yzmcms 5.2 YzmCMS v5.2 has admin/role/add.html CSRF. | 8.8 |
| 2018-12-04 | CVE-2018-19849 | Cross-site Scripting vulnerability in Yzmcms 5.2 An issue was discovered in YzmCMS 5.2. | 4.8 |