Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
eyoucms eyoucms vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-35509
An issue exists in EyouCMS 1.5.8. There is a Storage XSS vulnerability that can allows an malicious user to execute arbitrary Web scripts or HTML by injecting a special payload via the title parameter in the foreground contribution, allowing the malicious user to obtain sensitive...
Eyoucms Eyoucms 1.5.8
NA
CVE-2023-34657
A stored cross-site scripting (XSS) vulnerability in Eyoucms v1.6.2 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload injected into the web_recordnum parameter.
Eyoucms Eyoucms 1.6.2
312
VMScore
CVE-2022-33122
A stored cross-site scripting (XSS) vulnerability in eyoucms v1.5.6 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload injected into the URL field under the login page.
Eyoucms Eyoucms 1.5.6
NA
CVE-2021-39428
Cross Site Scripting (XSS) vulnerability in Users.php in eyoucms 1.5.4 allows remote malicious users to run arbitrary code and gain escalated privilege via the filename for edit_users_head_pic.
Eyoucms Eyoucms 1.5.4
312
VMScore
CVE-2021-39496
Eyoucms 1.5.4 lacks sanitization of input data, allowing an malicious user to inject malicious code into `filename` param to trigger Reflected XSS.
Eyoucms Eyoucms 1.5.4
668
VMScore
CVE-2021-39497
eyoucms 1.5.4 lacks sanitization of input data, allowing an malicious user to inject a url to trigger blind SSRF via the saveRemote() function.
Eyoucms Eyoucms 1.5.4
383
VMScore
CVE-2021-39499
A Cross-site scripting (XSS) vulnerability in Users in Qiong ICP EyouCMS 1.5.4 allows remote malicious users to inject arbitrary web script or HTML via the `title` parameter in bind_email function.
Eyoucms Eyoucms 1.5.4
445
VMScore
CVE-2021-39500
Eyoucms 1.5.4 is vulnerable to Directory Traversal. Due to a lack of input data sanitizaton in param tpldir, filename, type, nid an attacker can inject "../" to escape and write file to writeable directories.
Eyoucms Eyoucms 1.5.4
517
VMScore
CVE-2021-39501
EyouCMS 1.5.4 is vulnerable to Open Redirect. An attacker can redirect a user to a malicious url via the Logout function.
Eyoucms Eyoucms 1.5.4
NA
CVE-2023-48880
A stored cross-site scripting (XSS) vulnerability in EyouCMS v1.6.4-UTF8-SP1 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload injected into the Menu Name field at /login.php?m=admin&c=Index&a=changeTableVal&_ajax=1&lang=cn.
Eyoucms Eyoucms 1.6.4
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4761
command injection
CVE-2024-3676
IDOR
CVE-2024-30039
CVE-2024-32113
CVE-2024-30049
CVE-2024-4776
SQL injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »