Yzmcms Security Vulnerabilities
YzmCMS v6.3 is affected by Cross Site Request Forgery (CSRF) in /admin.add
CVSS Score
8.8
EPSS Score
0.001
Published
2022-02-15
YzmCMS v6.3 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily delete user accounts via /admin/admin_manage/delete.
CVSS Score
6.5
EPSS Score
0.002
Published
2022-01-28
YzmCMS v6.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /yzmcms/comment/index/init.html.
CVSS Score
8.8
EPSS Score
0.004
Published
2022-01-28
The comment function in YzmCMS v6.3 was discovered to allow concurrent operation, allowing attackers to create an unusually large number of comments.
CVSS Score
5.3
EPSS Score
0.003
Published
2022-01-28
A cross-site scripting (XSS) vulnerability in the /link/add.html component of YzmCMS v5.3 allows attackers to execute arbitrary web scripts or HTML.
CVSS Score
4.8
EPSS Score
0.003
Published
2021-09-23
A cross-site scripting (XSS) vulnerability in the /banner/add.html component of YzmCMS v5.3 allows attackers to execute arbitrary web scripts or HTML.
CVSS Score
4.8
EPSS Score
0.003
Published
2021-09-23
A cross-site request forgery (CSRF) in /controller/pay.class.php of YzmCMS v5.5 allows attackers to access sensitive components of the application.
CVSS Score
8.8
EPSS Score
0.002
Published
2021-09-23
YzmCMS v5.5 contains a server-side request forgery (SSRF) in the grab_image() function.
CVSS Score
7.5
EPSS Score
0.004
Published
2021-09-01
Cross Site Scripting (XSS) vulnerability in YzmCMS 5.2 via the site_code parameter in admin/index/init.html.
CVSS Score
5.4
EPSS Score
0.002
Published
2021-07-30
An issue was discovered in YzmCMS 5.8. There is an SSRF vulnerability in the background collection management that allows arbitrary file read.
CVSS Score
7.5
EPSS Score
0.008
Published
2021-06-03

