Latest yzmcms yzmcms Vulnerabilities

An issue in the component /member/index/login of yzmcms v7.0 allows attackers to direct users to malicious sites via a crafted URL.
Yzmcms Yzmcms=7.0
member/index/register.html in YzmCMS 6.5 through 7.0 allows XSS via the Referer HTTP header.
Yzmcms Yzmcms>=6.5<=7.0
Cross Site Request Forgery (CSRF) vulnerability in yzmcms version 5.6 allows remote attackers to escalate privileges and gain sensitive information via the sitemodel/add.html endpoint.
Yzmcms Yzmcms=5.6
Yzmcms Yzmcms=2.0
Cross Site Scripting (XSS) vulnerability in yzmcms 6.1 allows attackers to steal user cookies via the image clipping function.
Yzmcms Yzmcms=6.1
YzmCMS v6.3 is affected by broken access control. Without login, unauthorized access to the user's personal home page can be realized. It is necessary to judge the user's login status before accessing...
Yzmcms Yzmcms=6.3
YzmCMS v6.3 is affected by Cross Site Request Forgery (CSRF) in /admin.add
Yzmcms Yzmcms=6.3
YzmCMS v6.3 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily delete user accounts via /admin/admin_manage/delete.
Yzmcms Yzmcms=6.3
YzmCMS v6.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /yzmcms/comment/index/init.html.
Yzmcms Yzmcms=6.3
The comment function in YzmCMS v6.3 was discovered as being able to be operated concurrently, allowing attackers to create an unusually large number of comments.
Yzmcms Yzmcms=6.3
A cross-site request forgery (CSRF) in /controller/pay.class.php of YzmCMS v5.5 allows attackers to access sensitive components of the application.
Yzmcms Yzmcms=5.5
A cross-site scripting (XSS) vulnerability in the /banner/add.html component of YzmCMS v5.3 allows attackers to execute arbitrary web scripts or HTML.
Yzmcms Yzmcms=5.3
A cross-site scripting (XSS) vulnerability in the /link/add.html component of YzmCMS v5.3 allows attackers to execute arbitrary web scripts or HTML.
Yzmcms Yzmcms=5.3
YzmCMS v5.5 contains a server-side request forgery (SSRF) in the grab_image() function.
Yzmcms Yzmcms=5.5
An issue was discovered in YzmCMS 5.8. There is an SSRF vulnerability in the background collection management that allows arbitrary file read.
Yzmcms Yzmcms=5.8
A stored XSS vulnerability was found in YzmCMS v5.8, which attackers can use to inject JS code and carry out XSS attacks on the /admin/system_manage/user_config_edit.html page.
Yzmcms Yzmcms=5.8
Yzmcms Yzmcms=5.8
In YzmCMS 5.6, stored XSS exists via the common/static/plugin/ueditor/1.4.3.3/php/controller.php action parameter, which allows remote attackers to upload a swf file. The swf file can be injected with...
Yzmcms Yzmcms=5.6
In YzmCMS 5.6, XSS was discovered in member/member_content/init.html via the SRC attribute of an IFRAME element because of using UEditor 1.4.3.3.
Yzmcms Yzmcms=5.6
Cross Site Scripting (XSS) in yzmCMS v5.2 allows remote attackers to execute arbitrary code by injecting commands into the "referer" field of a POST request to the component "/member/index/login.html"...
Yzmcms Yzmcms=5.2
In YzmCMS v5.5 the member contribution function in the editor contains a cross-site scripting (XSS) vulnerability.
Yzmcms Yzmcms=5.5
admin/urlrule/add.html in YzmCMS 5.3 allows CSRF with a resultant denial of service by adding a superseding route.
Yzmcms Yzmcms=5.3
YzmCMS 5.1 has XSS via the admin/system_manage/user_config_add.html title parameter.
Yzmcms Yzmcms=5.1
Stored XSS exists in YzmCMS 5.2 via the admin/category/edit.html "catname" parameter.
Yzmcms Yzmcms=5.2
Stored XSS exists in YzmCMS 5.2 via the admin/system_manage/user_config_edit.html "value" parameter.
Yzmcms Yzmcms=5.2
An issue was discovered in YzmCMS 5.2.0. It has XSS via the bottom text field to the admin/system_manage/save.html URI, related to the site_code parameter.
Yzmcms Yzmcms=5.2.0
YzmCMS v5.2 has admin/role/add.html CSRF.
Yzmcms Yzmcms=5.2
An issue was discovered in YzmCMS 5.2. XSS exists via the admin/content/search.html searinfo parameter.
Yzmcms Yzmcms=5.2
An issue was discovered in YzmCMS v5.2. It has XSS via a search/index/archives/pubtime/ query string, as demonstrated by the search/index/archives/pubtime/1526387722/page/1.html URI. NOTE: this does n...
Yzmcms Yzmcms=5.2
In YzmCMS 5.1, stored XSS exists via the admin/system_manage/user_config_add.html title parameter.
Yzmcms Yzmcms=5.1
Yzmcms Yzmcms>=3.2<=3.7
