Show filters
8 Total Results
Displaying 1-8 of 8
Sort by:
Attacker Value
Unknown
CVE-2020-19118
Disclosure Date: July 30, 2021 (last updated February 23, 2025)
Cross Site Scripting (XSS) vulnerabiity in YzmCMS 5.2 via the site_code parameter in admin/index/init.html.
0
Attacker Value
Unknown
CVE-2020-18084
Disclosure Date: April 30, 2021 (last updated February 22, 2025)
Cross Site Scripting (XSS) in yzmCMS v5.2 allows remote attackers to execute arbitrary code by injecting commands into the "referer" field of a POST request to the component "/member/index/login.html" when logging in.
0
Attacker Value
Unknown
CVE-2019-9660
Disclosure Date: March 11, 2019 (last updated November 27, 2024)
Stored XSS exists in YzmCMS 5.2 via the admin/category/edit.html "catname" parameter.
0
Attacker Value
Unknown
CVE-2019-9661
Disclosure Date: March 11, 2019 (last updated November 27, 2024)
Stored XSS exists in YzmCMS 5.2 via the admin/system_manage/user_config_edit.html "value" parameter,
0
Attacker Value
Unknown
CVE-2019-9570
Disclosure Date: March 05, 2019 (last updated November 27, 2024)
An issue was discovered in YzmCMS 5.2.0. It has XSS via the bottom text field to the admin/system_manage/save.html URI, related to the site_code parameter.
0
Attacker Value
Unknown
CVE-2018-20015
Disclosure Date: December 10, 2018 (last updated November 27, 2024)
YzmCMS v5.2 has admin/role/add.html CSRF.
0
Attacker Value
Unknown
CVE-2018-19849
Disclosure Date: December 04, 2018 (last updated November 27, 2024)
An issue was discovered in YzmCMS 5.2. XSS exists via the admin/content/search.html searinfo parameter.
0
Attacker Value
Unknown
CVE-2018-19092
Disclosure Date: November 07, 2018 (last updated November 27, 2024)
An issue was discovered in YzmCMS v5.2. It has XSS via a search/index/archives/pubtime/ query string, as demonstrated by the search/index/archives/pubtime/1526387722/page/1.html URI. NOTE: this does not obtain a user's cookie.
0
