Latest eyoucms eyoucms Vulnerabilities

CVE-2024-23033
Cross Site Scripting vulnerability in the path parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL.
Eyoucms Eyoucms=1.6.5
CVE-2024-22927
Cross Site Scripting (XSS) vulnerability in the func parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL.
Eyoucms Eyoucms=1.6.5
CVE-2024-23032
Cross Site Scripting vulnerability in num parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL.
Eyoucms Eyoucms=1.6.5
CVE-2024-23031
Cross Site Scripting (XSS) vulnerability in is_water parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL.
Eyoucms Eyoucms=1.6.5
CVE-2024-23034
Cross Site Scripting vulnerability in the input parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL.
Eyoucms Eyoucms=1.6.5
CVE-2023-50566
A stored cross-site scripting (XSS) vulnerability in EyouCMS-V1.6.5-UTF8-SP1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Public Security Registrat...
Eyoucms Eyoucms=1.6.5-utf8-sp1
CVE-2023-48880
Eyoucms Eyoucms=1.6.4
CVE-2023-48881
Eyoucms Eyoucms=1.6.4
CVE-2023-48882
A stored cross-site scripting (XSS) vulnerability in EyouCMS v1.6.4-UTF8-SP1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Document Properties field...
Eyoucms Eyoucms=1.6.4
CVE-2023-46935
eyoucms v1.6.4 is vulnerable Cross Site Scripting (XSS), which can lead to stealing sensitive information of logged-in users.
Eyoucms Eyoucms=1.6.4
CVE-2023-37645
eyoucms v1.6.3 was discovered to contain an information disclosure vulnerability via the component /custom_model_path/recruit.filelist.txt.
Eyoucms Eyoucms=1.6.3
CVE-2023-37133
A stored cross-site scripting (XSS) vulnerability in the Column management module of eyoucms v1.6.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
Eyoucms Eyoucms=1.6.3
CVE-2023-37134
Eyoucms Eyoucms=1.6.3
CVE-2023-37136
A stored cross-site scripting (XSS) vulnerability in the Basic Website Information module of eyoucms v1.6.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
Eyoucms Eyoucms=1.6.3
CVE-2023-37132
Eyoucms Eyoucms=1.6.3
CVE-2023-37135
A stored cross-site scripting (XSS) vulnerability in the Image Upload module of eyoucms v1.6.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
Eyoucms Eyoucms=1.6.3
CVE-2023-36093
Eyoucms Eyoucms=1.6.3
CVE-2023-34657
A stored cross-site scripting (XSS) vulnerability in Eyoucms v1.6.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the web_recordnum parameter.
Eyoucms Eyoucms=1.6.2
CVE-2023-33492
EyouCMS 1.6.2 is vulnerable to Cross Site Scripting (XSS).
Eyoucms Eyoucms=1.6.2
CVE-2023-31708
A Cross-Site Request Forgery (CSRF) in EyouCMS v1.6.2 allows attackers to execute arbitrary commands via a supplying a crafted HTML file to the Upload software format function.
Eyoucms Eyoucms=1.6.2
CVE-2023-30125
EyouCms V1.6.1-UTF8-sp1 is vulnerable to Cross Site Scripting (XSS).
Eyoucms Eyoucms=1.6.1-utf8-sp1
CVE-2023-2058
EyouCms HTTP POST Request cross site scripting
Eyoucms Eyoucms<=1.6.2
<=1.6.2
CVE-2023-2057
EyouCms New Picture cross site scripting
Eyoucms Eyoucms=1.5.4
=1.5.4
CVE-2023-1799
EyouCMS login.php cross site scripting
Eyoucms Eyoucms<=1.5.4
<=1.5.4
CVE-2023-1798
EyouCMS login.php cross site scripting
Eyoucms Eyoucms<=1.5.4
CVE-2022-45755
Cross-site scripting (XSS) vulnerability in EyouCMS v1.6.0 allows attackers to execute arbitrary code via the home page description on the basic information page.
Eyoucms Eyoucms=1.6.0
CVE-2022-45538
EyouCMS <= 1.6.0 was discovered a reflected-XSS in the article publish component in cookie "ENV_GOBACK_URL".
Eyoucms Eyoucms<=1.6.0
CVE-2022-45541
EyouCMS <= 1.6.0 was discovered a reflected-XSS in the article attribute editor component in POST value "value" if the value contains a non-integer char.
Eyoucms Eyoucms<=1.6.0
CVE-2022-45537
EyouCMS <= 1.6.0 was discovered a reflected-XSS in the article publish component in cookie "ENV_LIST_URL".
Eyoucms Eyoucms<=1.6.0
CVE-2022-45539
Eyoucms Eyoucms<=1.6.0
CVE-2021-39428
Cross Site Scripting (XSS) vulnerability in Users.php in eyoucms 1.5.4 allows remote attackers to run arbitrary code and gain escalated privilege via the filename for edit_users_head_pic.
Eyoucms Eyoucms=1.5.4
CVE-2022-45280
A cross-site scripting (XSS) vulnerability in the Url parameter in /login.php of EyouCMS v1.6.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
Eyoucms Eyoucms=1.6.0
CVE-2022-44389
EyouCMS V1.5.9-UTF8-SP1 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Edit Admin Profile module. This vulnerability allows attackers to arbitrarily change Administrator account...
Eyoucms Eyoucms=1.5.9
CVE-2022-44390
A cross-site scripting (XSS) vulnerability in EyouCMS V1.5.9-UTF8-SP1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Public Security Record Number te...
Eyoucms Eyoucms=1.5.9
CVE-2022-44387
EyouCMS V1.5.9-UTF8-SP1 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Basic Information component under the Edit Member module.
Eyoucms Eyoucms=1.5.9
CVE-2022-43323
EyouCMS V1.5.9-UTF8-SP1 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Top Up Balance component under the Edit Member module.
Eyoucms Eyoucms=1.5.9
CVE-2022-41500
EyouCMS V1.5.9 was discovered to contain multiple Cross-Site Request Forgery (CSRF) vulnerabilities via the Members Center, Editorial Membership, and Points Recharge components.
Eyoucms Eyoucms=1.5.9
CVE-2022-36225
EyouCMS V1.5.8-UTF8-SP1 is vulnerable to Cross Site Request Forgery (CSRF) via the background, column management function and add.
Eyoucms Eyoucms=1.5.8
CVE-2022-35509
An issue was discovered in EyouCMS 1.5.8. There is a Storage XSS vulnerability that can allows an attacker to execute arbitrary Web scripts or HTML by injecting a special payload via the title paramet...
Eyoucms Eyoucms=1.5.8
CVE-2022-33122
A stored cross-site scripting (XSS) vulnerability in eyoucms v1.5.6 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the URL field under the login page.
Eyoucms Eyoucms=1.5.6
CVE-2022-26273
EyouCMS v1.5.4 was discovered to lack parameter filtering in \user\controller\shop.php, leading to payment logic vulnerabilities.
Eyoucms Eyoucms=1.5.4
CVE-2022-26279
EyouCMS v1.5.5 was discovered to have no access control in the component /data/sqldata.
Eyoucms Eyoucms=1.5.5
CVE-2021-42194
The wechat_return function in /controller/Index.php of EyouCms V1.5.4-UTF8-SP3 passes the user's input directly into the simplexml_ load_ String function, which itself does not prohibit external entit...
Eyoucms Eyoucms=1.5.4
CVE-2021-46255
eyouCMS V1.5.5-UTF8-SP3_1 suffers from Arbitrary file deletion due to insufficient filtering of the parameter filename.
Eyoucms Eyoucms=1.5.5-utf8-sp3_1
CVE-2020-24000
SQL Injection vulnerability in eyoucms cms v1.4.7, allows attackers to execute arbitrary code and disclose sensitive information, via the tid parameter to index.php.
Eyoucms Eyoucms=1.4.7
CVE-2021-39501
EyouCMS 1.5.4 is vulnerable to Open Redirect. An attacker can redirect a user to a malicious url via the Logout function.
Eyoucms Eyoucms=1.5.4
CVE-2021-39500
Eyoucms 1.5.4 is vulnerable to Directory Traversal. Due to a lack of input data sanitizaton in param tpldir, filename, type, nid an attacker can inject "../" to escape and write file to writeable dire...
Eyoucms Eyoucms=1.5.4
CVE-2021-39496
Eyoucms Eyoucms=1.5.4
CVE-2021-39499
A Cross-site scripting (XSS) vulnerability in Users in Qiong ICP EyouCMS 1.5.4 allows remote attackers to inject arbitrary web script or HTML via the `title` parameter in bind_email function.
Eyoucms Eyoucms=1.5.4
CVE-2021-39497
eyoucms 1.5.4 lacks sanitization of input data, allowing an attacker to inject a url to trigger blind SSRF via the saveRemote() function.
Eyoucms Eyoucms=1.5.4

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203