Vulmon
yxcms vulnerabilities and exploits
4.3
CVSSv2
CVE-2018-8805
Yxcms building system (compatible cell phone) v1.4.7 has XSS via the content parameter to protected\apps\default\view\default\extend_guestbook.php or protected\apps\default\view\mobile\extend_guestbook.php in an index.php?r=default/column/index&col=guestbook request.
Yxcms Yxcms 1.4.7
6.5
CVSSv2
CVE-2018-19404
In YXcms 1.4.7, protected/apps/appmanage/controller/indexController.php allows remote authenticated Administrators to execute any PHP code by creating a ZIP archive containing a config.php file, hosting the .zip file at an external URL, and visiting index.php?r=appmanage/index/onl...
Yxcms Yxcms 1.4.7
5
CVSSv2
CVE-2018-8761
protected\apps\member\controller\shopcarController.php in Yxcms building system (compatible cell phone) v1.4.7 has a logic flaw allowing malicious users to modify a price, before form submission, by observing data in a packet capture.
Yxcms Yxcms 1.4.7
5.5
CVSSv2
CVE-2018-13025
protected/apps/admin/controller/photoController.php in YXcms 1.4.7 allows remote malicious users to delete arbitrary files via the index.php?r=admin/photo/delpic picname parameter.
Yxcms Yxcms 1.4.7
4.3
CVSSv2
CVE-2018-11003
An issue exists in YXcms 1.4.7. Cross-site request forgery (CSRF) vulnerability in protected/apps/admin/controller/adminController.php allows remote malicious users to delete administrator accounts via index.php?r=admin/admin/admindel.
Yxcms Yxcms 1.4.7
NA
CVE-2023-2058
A vulnerability was found in EyouCms up to 1.6.2. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /yxcms/index.php?r=admin/extendfield/mesedit&tabid=12&id=4 of the component HTTP POST Request Handler. The manipul...
Eyoucms Eyoucms