Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
eyoucms vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2022-45542
EyouCMS <= 1.6.0 exists a reflected-XSS in the FileManager component in GET parameter "filename" when editing any file.
Eyoucms Eyoucms
8.8
CVSSv3
CVE-2022-36225
EyouCMS V1.5.8-UTF8-SP1 is vulnerable to Cross Site Request Forgery (CSRF) via the background, column management function and add.
Eyoucms Eyoucms 1.5.8
5.4
CVSSv3
CVE-2022-45280
A cross-site scripting (XSS) vulnerability in the Url parameter in /login.php of EyouCMS v1.6.0 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload.
Eyoucms Eyoucms 1.6.0
6.1
CVSSv3
CVE-2021-39501
EyouCMS 1.5.4 is vulnerable to Open Redirect. An attacker can redirect a user to a malicious url via the Logout function.
Eyoucms Eyoucms 1.5.4
6.1
CVSSv3
CVE-2023-41597
EyouCms v1.6.2 exists to contain a reflected cross-site scripting (XSS) vulnerability via the component /admin/twitter.php?active_t.
Eyoucms Eyoucms 1.6.2
5.4
CVSSv3
CVE-2021-39428
Cross Site Scripting (XSS) vulnerability in Users.php in eyoucms 1.5.4 allows remote malicious users to run arbitrary code and gain escalated privilege via the filename for edit_users_head_pic.
Eyoucms Eyoucms 1.5.4
5.4
CVSSv3
CVE-2021-39496
Eyoucms 1.5.4 lacks sanitization of input data, allowing an malicious user to inject malicious code into `filename` param to trigger Reflected XSS.
Eyoucms Eyoucms 1.5.4
9.8
CVSSv3
CVE-2021-39497
eyoucms 1.5.4 lacks sanitization of input data, allowing an malicious user to inject a url to trigger blind SSRF via the saveRemote() function.
Eyoucms Eyoucms 1.5.4
6.1
CVSSv3
CVE-2021-39499
A Cross-site scripting (XSS) vulnerability in Users in Qiong ICP EyouCMS 1.5.4 allows remote malicious users to inject arbitrary web script or HTML via the `title` parameter in bind_email function.
Eyoucms Eyoucms 1.5.4
7.5
CVSSv3
CVE-2021-39500
Eyoucms 1.5.4 is vulnerable to Directory Traversal. Due to a lack of input data sanitizaton in param tpldir, filename, type, nid an attacker can inject "../" to escape and write file to writeable directories.
Eyoucms Eyoucms 1.5.4
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »