Vulnerabilities > Yzmcms

DATE CVE VULNERABILITY TITLE RISK
2018-11-07 CVE-2018-19092 Cross-site Scripting vulnerability in Yzmcms 5.2
An issue was discovered in YzmCMS v5.2.
network
low complexity
yzmcms CWE-79
6.1
6.1
2018-09-14 CVE-2018-17044 Cross-site Scripting vulnerability in Yzmcms 5.1
In YzmCMS 5.1, stored XSS exists via the admin/system_manage/user_config_add.html title parameter.
network
low complexity
yzmcms CWE-79
4.8
4.8
2018-06-05 CVE-2018-11554 Information Exposure vulnerability in Yzmcms
The forgotten-password feature in index.php/member/reset/reset_email.html in YzmCMS v3.2 through v3.7 has a Response Discrepancy Information Exposure issue and an unexpectedly long lifetime for a verification code, which makes it easier for remote attackers to hijack accounts via a brute-force approach.
network
low complexity
yzmcms CWE-200
critical
 9.8
9.8
2018-04-19 CVE-2018-10224 Cross-Site Request Forgery (CSRF) vulnerability in Yzmcms 3.8
An issue was discovered in YzmCMS 3.8.
network
low complexity
yzmcms CWE-352
6.8
6.8
2018-04-19 CVE-2018-10223 Cross-Site Request Forgery (CSRF) vulnerability in Yzmcms 3.8
An issue was discovered in YzmCMS 3.8.
network
low complexity
yzmcms CWE-352
6.8
6.8
2018-04-11 CVE-2018-10026 Cross-site Scripting vulnerability in Yzmcms 3.7.1
The WeChat module in YzmCMS 3.7.1 has reflected XSS via the admin/module/init.html echostr parameter, related to the valid function in application/wechat/controller/index.class.php.
network
low complexity
yzmcms CWE-79
4.8
4.8
2018-03-18 CVE-2018-8756 Code Injection vulnerability in Yzmcms 3.7.1
Eval injection in yzmphp/core/function/global.func.php in YzmCMS v3.7.1 allows remote attackers to achieve arbitrary code execution via PHP code in the POST data of an index.php?m=member&c=member_content&a=init request.
network
low complexity
yzmcms CWE-94
7.2
7.2
2018-03-13 CVE-2018-8078 Cross-site Scripting vulnerability in Yzmcms 3.7
YzmCMS 3.7 has Stored XSS via the title parameter to advertisement/adver/edit.html.
network
low complexity
yzmcms CWE-79
5.4
5.4
2018-03-04 CVE-2018-7653 Cross-site Scripting vulnerability in Yzmcms 3.6
In YzmCMS 3.6, index.php has XSS via the a, c, or m parameter.
network
low complexity
yzmcms CWE-79
6.1
6.1
2018-03-01 CVE-2018-7579 SQL Injection vulnerability in Yzmcms 3.6
\application\admin\controller\update_urls.class.php in YzmCMS 3.6 has SQL Injection via the catids array parameter to admin/update_urls/update_category_url.html.
network
low complexity
yzmcms CWE-89
7.2
7.2