Eyoucms: >> Eyoucms >> 1.3.6 Security Vulnerabilities
EyouCMS <= 1.6.0 was discovered a reflected-XSS in FileManager component in GET value "activepath" when creating a new file.
CVSS Score
6.1
EPSS Score
0.003
Published
2023-01-20
EyouCMS <= 1.6.0 was discovered a reflected-XSS in article type editor component in POST value "name" if the value contains a malformed UTF-8 char.
CVSS Score
6.1
EPSS Score
0.003
Published
2023-01-20
EyouCMS <= 1.6.0 was discovered a reflected-XSS in the article attribute editor component in POST value "value" if the value contains a non-integer char.
CVSS Score
6.1
EPSS Score
0.003
Published
2023-01-20
EyouCMS <= 1.6.0 was discovered a reflected-XSS in the FileManager component in GET parameter "filename" when editing any file.
CVSS Score
5.4
EPSS Score
0.003
Published
2023-01-20
Cross Site Request Forgery (CSRF) vulnerability exists in EyouCMS 1.3.6 that can add an htm page to execute the js code via login.php?m=admin&c=Filemanager&a=newfile&lang=cn.
CVSS Score
8.8
EPSS Score
0.001
Published
2021-08-19
Cross Site Scripting (XSS) vulnerability exists in EyouCMS1.3.6 in the basic_information area.
CVSS Score
5.4
EPSS Score
0.003
Published
2021-08-19
Cross Site Request Forgery (CSRF) vulnerability exists in Eyoucms 1.3.6 that can add an admin account via /login.php?m=admin&c=Admin&a=admin_add&lang=cn.
CVSS Score
8.8
EPSS Score
0.001
Published
2021-08-18
Cross Site Scripting (XSS) vulnerability exists in Eyoucms v1.4.7 and earlier via the addonfieldext parameter.
CVSS Score
6.1
EPSS Score
0.007
Published
2021-08-18
Page 2