Vulnerabilities > Yzmcms > Yzmcms > 3.7
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-06-05 | CVE-2018-11554 | Information Exposure vulnerability in Yzmcms The forgotten-password feature in index.php/member/reset/reset_email.html in YzmCMS v3.2 through v3.7 has a Response Discrepancy Information Exposure issue and an unexpectedly long lifetime for a verification code, which makes it easier for remote attackers to hijack accounts via a brute-force approach. | 7.5 |
2018-03-13 | CVE-2018-8078 | Cross-site Scripting vulnerability in Yzmcms 3.7 YzmCMS 3.7 has Stored XSS via the title parameter to advertisement/adver/edit.html. | 3.5 |