Vulnerabilities > Yzmcms > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-06-03 CVE-2020-35972 Cross-Site Request Forgery (CSRF) vulnerability in Yzmcms 5.8
An issue was discovered in YzmCMS V5.8.
network
low complexity
yzmcms CWE-352
4.3
4.3
2021-05-10 CVE-2020-23369 Cross-site Scripting vulnerability in Yzmcms 5.6
In YzmCMS 5.6, XSS was discovered in member/member_content/init.html via the SRC attribute of an IFRAME element because of using UEditor 1.4.3.3.
network
low complexity
yzmcms CWE-79
6.1
6.1
2021-05-10 CVE-2020-23370 Cross-site Scripting vulnerability in Yzmcms 5.6
In YzmCMS 5.6, stored XSS exists via the common/static/plugin/ueditor/1.4.3.3/php/controller.php action parameter, which allows remote attackers to upload a swf file.
network
low complexity
yzmcms CWE-79
5.4
5.4
2021-04-30 CVE-2020-18084 Cross-site Scripting vulnerability in Yzmcms 5.2
Cross Site Scripting (XSS) in yzmCMS v5.2 allows remote attackers to execute arbitrary code by injecting commands into the "referer" field of a POST request to the component "/member/index/login.html" when logging in.
network
low complexity
yzmcms CWE-79
6.1
6.1
2020-11-19 CVE-2020-22394 Cross-site Scripting vulnerability in Yzmcms 5.5
In YzmCMS v5.5 the member contribution function in the editor contains a cross-site scripting (XSS) vulnerability.
network
low complexity
yzmcms CWE-79
6.1
6.1
2019-09-26 CVE-2019-16532 Injection vulnerability in Yzmcms 5.3
An HTTP Host header injection vulnerability exists in YzmCMS V5.3.
network
low complexity
yzmcms CWE-74
6.1
6.1
2019-09-21 CVE-2019-16678 Cross-Site Request Forgery (CSRF) vulnerability in Yzmcms 5.3
admin/urlrule/add.html in YzmCMS 5.3 allows CSRF with a resultant denial of service by adding a superseding route.
network
low complexity
yzmcms CWE-352
6.5
6.5
2019-06-20 CVE-2018-16247 Cross-site Scripting vulnerability in Yzmcms 5.1
YzmCMS 5.1 has XSS via the admin/system_manage/user_config_add.html title parameter.
network
low complexity
yzmcms CWE-79
5.4
5.4
2019-03-11 CVE-2019-9661 Cross-site Scripting vulnerability in Yzmcms 5.2
Stored XSS exists in YzmCMS 5.2 via the admin/system_manage/user_config_edit.html "value" parameter,
network
low complexity
yzmcms CWE-79
4.8
4.8
2019-03-11 CVE-2019-9660 Cross-site Scripting vulnerability in Yzmcms 5.2
Stored XSS exists in YzmCMS 5.2 via the admin/category/edit.html "catname" parameter.
network
low complexity
yzmcms CWE-79
4.8
4.8