Yzmcms: Security Vulnerabilities
Stored XSS exists in YzmCMS 5.2 via the admin/system_manage/user_config_edit.html "value" parameter,
CVSS Score
4.8
EPSS Score
0.002
Published
2019-03-11
An issue was discovered in YzmCMS 5.2.0. It has XSS via the bottom text field to the admin/system_manage/save.html URI, related to the site_code parameter.
CVSS Score
4.8
EPSS Score
0.002
Published
2019-03-05
YzmCMS v5.2 has admin/role/add.html CSRF.
CVSS Score
8.8
EPSS Score
0.001
Published
2018-12-10
An issue was discovered in YzmCMS 5.2. XSS exists via the admin/content/search.html searinfo parameter.
CVSS Score
4.8
EPSS Score
0.002
Published
2018-12-04
An issue was discovered in YzmCMS v5.2. It has XSS via a search/index/archives/pubtime/ query string, as demonstrated by the search/index/archives/pubtime/1526387722/page/1.html URI. NOTE: this does not obtain a user's cookie.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-11-07
In YzmCMS 5.1, stored XSS exists via the admin/system_manage/user_config_add.html title parameter.
CVSS Score
4.8
EPSS Score
0.002
Published
2018-09-14
The forgotten-password feature in index.php/member/reset/reset_email.html in YzmCMS v3.2 through v3.7 has a Response Discrepancy Information Exposure issue and an unexpectedly long lifetime for a verification code, which makes it easier for remote attackers to hijack accounts via a brute-force approach.
CVSS Score
9.8
EPSS Score
0.007
Published
2018-06-05
An issue was discovered in YzmCMS 3.8. There is a CSRF vulnerability that can add an admin account via /index.php/admin/admin_manage/add.html.
CVSS Score
6.8
EPSS Score
0.001
Published
2018-04-19
An issue was discovered in YzmCMS 3.8. There is a CSRF vulnerability that can add a tag via /index.php/admin/tag/add.html.
CVSS Score
6.8
EPSS Score
0.001
Published
2018-04-19
The WeChat module in YzmCMS 3.7.1 has reflected XSS via the admin/module/init.html echostr parameter, related to the valid function in application/wechat/controller/index.class.php.
CVSS Score
4.8
EPSS Score
0.002
Published
2018-04-11