Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
eyoucms eyoucms vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-2057
A vulnerability was found in EyouCms 1.5.4. It has been classified as problematic. Affected is an unknown function of the file login.php?m=admin&c=Arctype&a=edit of the component New Picture Handler. The manipulation of the argument litpic_loca leads to cross site scripti...
Eyoucms Eyoucms 1.5.4
NA
CVE-2022-35509
An issue exists in EyouCMS 1.5.8. There is a Storage XSS vulnerability that can allows an malicious user to execute arbitrary Web scripts or HTML by injecting a special payload via the title parameter in the foreground contribution, allowing the malicious user to obtain sensitive...
Eyoucms Eyoucms 1.5.8
NA
CVE-2022-43323
EyouCMS V1.5.9-UTF8-SP1 exists to contain a Cross-Site Request Forgery (CSRF) via the Top Up Balance component under the Edit Member module.
Eyoucms Eyoucms 1.5.9
NA
CVE-2023-34657
A stored cross-site scripting (XSS) vulnerability in Eyoucms v1.6.2 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload injected into the web_recordnum parameter.
Eyoucms Eyoucms 1.6.2
NA
CVE-2023-46935
eyoucms v1.6.4 is vulnerable Cross Site Scripting (XSS), which can lead to stealing sensitive information of logged-in users.
Eyoucms Eyoucms 1.6.4
NA
CVE-2021-39428
Cross Site Scripting (XSS) vulnerability in Users.php in eyoucms 1.5.4 allows remote malicious users to run arbitrary code and gain escalated privilege via the filename for edit_users_head_pic.
Eyoucms Eyoucms 1.5.4
312
VMScore
CVE-2021-39496
Eyoucms 1.5.4 lacks sanitization of input data, allowing an malicious user to inject malicious code into `filename` param to trigger Reflected XSS.
Eyoucms Eyoucms 1.5.4
668
VMScore
CVE-2021-39497
eyoucms 1.5.4 lacks sanitization of input data, allowing an malicious user to inject a url to trigger blind SSRF via the saveRemote() function.
Eyoucms Eyoucms 1.5.4
383
VMScore
CVE-2021-39499
A Cross-site scripting (XSS) vulnerability in Users in Qiong ICP EyouCMS 1.5.4 allows remote malicious users to inject arbitrary web script or HTML via the `title` parameter in bind_email function.
Eyoucms Eyoucms 1.5.4
445
VMScore
CVE-2021-39500
Eyoucms 1.5.4 is vulnerable to Directory Traversal. Due to a lack of input data sanitizaton in param tpldir, filename, type, nid an attacker can inject "../" to escape and write file to writeable directories.
Eyoucms Eyoucms 1.5.4
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-30310
CVE-2024-21683
CVE-2024-22187
chrome
deserialization
XPath injection
CVE-2024-27842
denial of service
CVE-2024-24851
google
CVE-2024-35400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »