ReportizFlow
Filtered by vendor Eyoucms
Subscriptions
Filtered by product Eyoucms
Subscriptions
Total
65 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-34657 | 1 Eyoucms | 1 Eyoucms | 2024-12-12 | 4.8 Medium |
| A stored cross-site scripting (XSS) vulnerability in Eyoucms v1.6.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the web_recordnum parameter. | ||||
| CVE-2023-36093 | 1 Eyoucms | 1 Eyoucms | 2024-12-03 | 5.4 Medium |
| There is a storage type cross site scripting (XSS) vulnerability in the filing number of the Basic Information tab on the backend management page of EyouCMS v1.6.3 | ||||
| CVE-2023-48880 | 1 Eyoucms | 1 Eyoucms | 2024-11-26 | 4.8 Medium |
| A stored cross-site scripting (XSS) vulnerability in EyouCMS v1.6.4-UTF8-SP1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Menu Name field at /login.php?m=admin&c=Index&a=changeTableVal&_ajax=1&lang=cn. | ||||
| CVE-2024-23034 | 1 Eyoucms | 1 Eyoucms | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting vulnerability in the input parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL. | ||||
| CVE-2024-23033 | 1 Eyoucms | 1 Eyoucms | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting vulnerability in the path parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL. | ||||
| CVE-2024-23032 | 1 Eyoucms | 1 Eyoucms | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting vulnerability in num parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL. | ||||
| CVE-2024-23031 | 1 Eyoucms | 1 Eyoucms | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting (XSS) vulnerability in is_water parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL. | ||||
| CVE-2024-22927 | 1 Eyoucms | 1 Eyoucms | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting (XSS) vulnerability in the func parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL. | ||||
| CVE-2023-50566 | 1 Eyoucms | 1 Eyoucms | 2024-11-21 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in EyouCMS-V1.6.5-UTF8-SP1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Public Security Registration Number parameter. | ||||
| CVE-2023-48882 | 1 Eyoucms | 1 Eyoucms | 2024-11-21 | 4.8 Medium |
| A stored cross-site scripting (XSS) vulnerability in EyouCMS v1.6.4-UTF8-SP1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Document Properties field at /login.php m=admin&c=Index&a=changeTableVal&_ajax=1&lang=cn. | ||||
| CVE-2023-48881 | 1 Eyoucms | 1 Eyoucms | 2024-11-21 | 4.8 Medium |
| A stored cross-site scripting (XSS) vulnerability in EyouCMS v1.6.4-UTF8-SP1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Field Title field at /login.php?m=admin&c=Field&a=arctype_add&_ajax=1&lang=cn. | ||||
| CVE-2023-46935 | 1 Eyoucms | 1 Eyoucms | 2024-11-21 | 5.4 Medium |
| eyoucms v1.6.4 is vulnerable Cross Site Scripting (XSS), which can lead to stealing sensitive information of logged-in users. | ||||
| CVE-2023-42286 | 1 Eyoucms | 1 Eyoucms | 2024-11-21 | N/A |
| There is a PHP file inclusion vulnerability in the template configuration of eyoucms v1.6.4, allowing attackers to execute code or system commands through a carefully crafted malicious payload. | ||||
| CVE-2023-41597 | 1 Eyoucms | 1 Eyoucms | 2024-11-21 | 6.1 Medium |
| EyouCms v1.6.2 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /admin/twitter.php?active_t. | ||||
| CVE-2023-37645 | 1 Eyoucms | 1 Eyoucms | 2024-11-21 | 5.3 Medium |
| eyoucms v1.6.3 was discovered to contain an information disclosure vulnerability via the component /custom_model_path/recruit.filelist.txt. | ||||
| CVE-2023-37136 | 1 Eyoucms | 1 Eyoucms | 2024-11-21 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in the Basic Website Information module of eyoucms v1.6.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | ||||
| CVE-2023-37135 | 1 Eyoucms | 1 Eyoucms | 2024-11-21 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in the Image Upload module of eyoucms v1.6.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | ||||
| CVE-2023-37134 | 1 Eyoucms | 1 Eyoucms | 2024-11-21 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in the Basic Information module of eyoucms v1.6.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | ||||
| CVE-2023-37133 | 1 Eyoucms | 1 Eyoucms | 2024-11-21 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in the Column management module of eyoucms v1.6.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | ||||
| CVE-2023-37132 | 1 Eyoucms | 1 Eyoucms | 2024-11-21 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in the custom variables module of eyoucms v1.6.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | ||||