Show filters
4 Total Results
Displaying 1-4 of 4
Sort by:
Attacker Value
Unknown

CVE-2019-6294

Disclosure Date: January 15, 2019 (last updated November 27, 2024)
An issue was discovered in EasyCMS 1.5. There is CSRF via the index.php?s=/admin/articlem/insert/navTabId/listarticle/callbackType/closeCurrent URI.
0
0
Attacker Value
Unknown

CVE-2018-17113

Disclosure Date: September 17, 2018 (last updated November 27, 2024)
App/Modules/Admin/Tpl/default/Public/dwz/uploadify/scripts/uploadify.swf in EasyCMS 1.5 has XSS via the uploadifyID or movieName parameter, a related issue to CVE-2018-9173.
0
0
Attacker Value
Unknown

CVE-2018-16773

Disclosure Date: September 10, 2018 (last updated November 27, 2024)
EasyCMS 1.5 allows XSS via the index.php?s=/admin/fields/update/navTabId/listfields/callbackType/closeCurrent content field.
0
0
Attacker Value
Unknown

CVE-2018-16345

Disclosure Date: September 02, 2018 (last updated November 27, 2024)
An issue was discovered in EasyCMS 1.5. There is a CSRF vulnerability that can update the admin password via index.php?s=/admin/rbacuser/update/navTabId/listusers/callbackType/closeCurrent.
0
0