Eyoucms: >> Eyoucms >> 1.5.4 Security Vulnerabilities
Eyoucms 1.5.4 lacks sanitization of input data, allowing an attacker to inject malicious code into `filename` param to trigger Reflected XSS.
CVSS Score
5.4
EPSS Score
0.002
Published
2021-09-07
eyoucms 1.5.4 lacks sanitization of input data, allowing an attacker to inject a url to trigger blind SSRF via the saveRemote() function.
CVSS Score
9.8
EPSS Score
0.012
Published
2021-09-07
A Cross-site scripting (XSS) vulnerability in Users in Qiong ICP EyouCMS 1.5.4 allows remote attackers to inject arbitrary web script or HTML via the `title` parameter in bind_email function.
CVSS Score
6.1
EPSS Score
0.004
Published
2021-09-07
Page 3