Eyoucms: >> Eyoucms Security Vulnerabilities
A cross-site scripting (XSS) vulnerability in EyouCMS V1.5.9-UTF8-SP1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Public Security Record Number text field.
CVSS Score
5.4
EPSS Score
0.002
Published
2022-11-14
EyouCMS V1.5.9-UTF8-SP1 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Top Up Balance component under the Edit Member module.
CVSS Score
8.8
EPSS Score
0.001
Published
2022-11-14
EyouCMS V1.5.9 was discovered to contain multiple Cross-Site Request Forgery (CSRF) vulnerabilities via the Members Center, Editorial Membership, and Points Recharge components.
CVSS Score
8.8
EPSS Score
0.001
Published
2022-10-18
EyouCMS V1.5.8-UTF8-SP1 is vulnerable to Cross Site Request Forgery (CSRF) via the background, column management function and add.
CVSS Score
8.8
EPSS Score
0.002
Published
2022-08-19
An issue was discovered in EyouCMS 1.5.8. There is a Storage XSS vulnerability that can allows an attacker to execute arbitrary Web scripts or HTML by injecting a special payload via the title parameter in the foreground contribution, allowing the attacker to obtain sensitive information.
CVSS Score
5.4
EPSS Score
0.002
Published
2022-08-10
A stored cross-site scripting (XSS) vulnerability in eyoucms v1.5.6 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the URL field under the login page.
CVSS Score
4.8
EPSS Score
0.002
Published
2022-06-24
EyouCMS v1.5.4 was discovered to lack parameter filtering in \user\controller\shop.php, leading to payment logic vulnerabilities.
CVSS Score
9.8
EPSS Score
0.004
Published
2022-03-28
EyouCMS v1.5.5 was discovered to have no access control in the component /data/sqldata.
CVSS Score
9.8
EPSS Score
0.01
Published
2022-03-24
The wechat_return function in /controller/Index.php of EyouCms V1.5.4-UTF8-SP3 passes the user's input directly into the simplexml_ load_ String function, which itself does not prohibit external entities, triggering a XML external entity (XXE) injection vulnerability.
CVSS Score
7.2
EPSS Score
0.003
Published
2022-03-20
eyouCMS V1.5.5-UTF8-SP3_1 suffers from Arbitrary file deletion due to insufficient filtering of the parameter filename.
CVSS Score
8.1
EPSS Score
0.002
Published
2022-01-14