Vulnerabilities > Yzmcms
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-11-07 | CVE-2018-19092 | Cross-site Scripting vulnerability in Yzmcms 5.2 An issue was discovered in YzmCMS v5.2. | 4.3 |
| 2018-09-14 | CVE-2018-17044 | Cross-site Scripting vulnerability in Yzmcms 5.1 In YzmCMS 5.1, stored XSS exists via the admin/system_manage/user_config_add.html title parameter. | 3.5 |
| 2018-06-05 | CVE-2018-11554 | Information Exposure vulnerability in Yzmcms The forgotten-password feature in index.php/member/reset/reset_email.html in YzmCMS v3.2 through v3.7 has a Response Discrepancy Information Exposure issue and an unexpectedly long lifetime for a verification code, which makes it easier for remote attackers to hijack accounts via a brute-force approach. | 7.5 |
| 2018-04-19 | CVE-2018-10224 | Cross-Site Request Forgery (CSRF) vulnerability in Yzmcms 3.8 An issue was discovered in YzmCMS 3.8. | 6.0 |
| 2018-04-19 | CVE-2018-10223 | Cross-Site Request Forgery (CSRF) vulnerability in Yzmcms 3.8 An issue was discovered in YzmCMS 3.8. | 6.0 |
| 2018-04-11 | CVE-2018-10026 | Cross-site Scripting vulnerability in Yzmcms 3.7.1 The WeChat module in YzmCMS 3.7.1 has reflected XSS via the admin/module/init.html echostr parameter, related to the valid function in application/wechat/controller/index.class.php. | 3.5 |
| 2018-03-18 | CVE-2018-8756 | Code Injection vulnerability in Yzmcms 3.7.1 Eval injection in yzmphp/core/function/global.func.php in YzmCMS v3.7.1 allows remote attackers to achieve arbitrary code execution via PHP code in the POST data of an index.php?m=member&c=member_content&a=init request. | 6.5 |
| 2018-03-13 | CVE-2018-8078 | Cross-site Scripting vulnerability in Yzmcms 3.7 YzmCMS 3.7 has Stored XSS via the title parameter to advertisement/adver/edit.html. | 3.5 |
| 2018-03-04 | CVE-2018-7653 | Cross-site Scripting vulnerability in Yzmcms 3.6 In YzmCMS 3.6, index.php has XSS via the a, c, or m parameter. | 4.3 |
| 2018-03-01 | CVE-2018-7579 | SQL Injection vulnerability in Yzmcms 3.6 \application\admin\controller\update_urls.class.php in YzmCMS 3.6 has SQL Injection via the catids array parameter to admin/update_urls/update_category_url.html. | 6.5 |