Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2019-03-05	CVE-2019-9570	Cross-site Scripting vulnerability in Yzmcms 5.2.0 An issue was discovered in YzmCMS 5.2.0. network low complexity yzmcms CWE-79	4.8
2018-12-04	CVE-2018-19849	Cross-site Scripting vulnerability in Yzmcms 5.2 An issue was discovered in YzmCMS 5.2. network low complexity yzmcms CWE-79	4.8
2018-11-07	CVE-2018-19092	Cross-site Scripting vulnerability in Yzmcms 5.2 An issue was discovered in YzmCMS v5.2. network low complexity yzmcms CWE-79	6.1
2018-09-14	CVE-2018-17044	Cross-site Scripting vulnerability in Yzmcms 5.1 In YzmCMS 5.1, stored XSS exists via the admin/system_manage/user_config_add.html title parameter. network low complexity yzmcms CWE-79	4.8
2018-04-19	CVE-2018-10224	Cross-Site Request Forgery (CSRF) vulnerability in Yzmcms 3.8 An issue was discovered in YzmCMS 3.8. network low complexity yzmcms CWE-352	6.8
2018-04-19	CVE-2018-10223	Cross-Site Request Forgery (CSRF) vulnerability in Yzmcms 3.8 An issue was discovered in YzmCMS 3.8. network low complexity yzmcms CWE-352	6.8
2018-04-11	CVE-2018-10026	Cross-site Scripting vulnerability in Yzmcms 3.7.1 The WeChat module in YzmCMS 3.7.1 has reflected XSS via the admin/module/init.html echostr parameter, related to the valid function in application/wechat/controller/index.class.php. network low complexity yzmcms CWE-79	4.8
2018-03-13	CVE-2018-8078	Cross-site Scripting vulnerability in Yzmcms 3.7 YzmCMS 3.7 has Stored XSS via the title parameter to advertisement/adver/edit.html. network low complexity yzmcms CWE-79	5.4
2018-03-04	CVE-2018-7653	Cross-site Scripting vulnerability in Yzmcms 3.6 In YzmCMS 3.6, index.php has XSS via the a, c, or m parameter. network low complexity yzmcms CWE-79	6.1
2018-02-26	CVE-2018-7479	Exposure of Resource to Wrong Sphere vulnerability in Yzmcms 3.6 YzmCMS 3.6 allows remote attackers to discover the full path via a direct request to application/install/templates/s1.php. network low complexity yzmcms CWE-668	5.3