Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
eyoucms eyoucms vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-37136
A stored cross-site scripting (XSS) vulnerability in the Basic Website Information module of eyoucms v1.6.3 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload.
Eyoucms Eyoucms 1.6.3
NA
CVE-2023-37645
eyoucms v1.6.3 exists to contain an information disclosure vulnerability via the component /custom_model_path/recruit.filelist.txt.
Eyoucms Eyoucms 1.6.3
578
VMScore
CVE-2021-42194
The wechat_return function in /controller/Index.php of EyouCms V1.5.4-UTF8-SP3 passes the user's input directly into the simplexml_ load_ String function, which itself does not prohibit external entities, triggering a XML external entity (XXE) injection vulnerability.
Eyoucms Eyoucms 1.5.4
NA
CVE-2023-46935
eyoucms v1.6.4 is vulnerable Cross Site Scripting (XSS), which can lead to stealing sensitive information of logged-in users.
Eyoucms Eyoucms 1.6.4
NA
CVE-2023-36093
There is a storage type cross site scripting (XSS) vulnerability in the filing number of the Basic Information tab on the backend management page of EyouCMS v1.6.3
Eyoucms Eyoucms 1.6.3
NA
CVE-2022-45280
A cross-site scripting (XSS) vulnerability in the Url parameter in /login.php of EyouCMS v1.6.0 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload.
Eyoucms Eyoucms 1.6.0
NA
CVE-2021-39428
Cross Site Scripting (XSS) vulnerability in Users.php in eyoucms 1.5.4 allows remote malicious users to run arbitrary code and gain escalated privilege via the filename for edit_users_head_pic.
Eyoucms Eyoucms 1.5.4
312
VMScore
CVE-2021-39496
Eyoucms 1.5.4 lacks sanitization of input data, allowing an malicious user to inject malicious code into `filename` param to trigger Reflected XSS.
Eyoucms Eyoucms 1.5.4
668
VMScore
CVE-2021-39497
eyoucms 1.5.4 lacks sanitization of input data, allowing an malicious user to inject a url to trigger blind SSRF via the saveRemote() function.
Eyoucms Eyoucms 1.5.4
383
VMScore
CVE-2021-39499
A Cross-site scripting (XSS) vulnerability in Users in Qiong ICP EyouCMS 1.5.4 allows remote malicious users to inject arbitrary web script or HTML via the `title` parameter in bind_email function.
Eyoucms Eyoucms 1.5.4
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-36920
buffer overflow
CVE-2024-36913
CVE-2024-5497
CVE-2024-23917
CVE-2024-4956
server-side request forgery
CVE-2024-35468
SSTI
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »