Vulnerabilities > Yzmcms > Yzmcms > 5.6
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-08-11 | CVE-2020-23595 | Cross-Site Request Forgery (CSRF) vulnerability in Yzmcms 5.6 Cross Site Request Forgery (CSRF) vulnerability in yzmcms version 5.6, allows remote attackers to escalate privileges and gain sensitive information sitemodel/add.html endpoint. | 8.8 |
| 2021-05-10 | CVE-2020-23369 | Cross-site Scripting vulnerability in Yzmcms 5.6 In YzmCMS 5.6, XSS was discovered in member/member_content/init.html via the SRC attribute of an IFRAME element because of using UEditor 1.4.3.3. | 4.3 |
| 2021-05-10 | CVE-2020-23370 | Cross-site Scripting vulnerability in Yzmcms 5.6 In YzmCMS 5.6, stored XSS exists via the common/static/plugin/ueditor/1.4.3.3/php/controller.php action parameter, which allows remote attackers to upload a swf file. | 3.5 |