CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Xyhcms: Security Vulnerabilities

CVE-2020-21656

XYHCMS v3.6 contains a stored cross-site scripting (XSS) vulnerability in the component xyhai.php?s=/Link/index.

CVSS Score

5.4

EPSS Score

0.002

Published

2021-10-06

CVE-2020-20586

A cross site request forgery (CSRF) vulnerability in the /xyhai.php?s=/Auth/editUser URI of XYHCMS V3.6 allows attackers to edit any information of the administrator such as the name, e-mail, and password.

CVSS Score

4.5

EPSS Score

0.001

Published

2021-07-08

CVE-2018-14583

xyhai.php?s=/Auth/addUser in XYHCMS 3.5 allows CSRF to add a background administrator account.

CVSS Score

8.8

EPSS Score

0.001

Published

2018-07-24

Page 1

Vulnerabilities

Vulnerable Software

Xyhcms: Security Vulnerabilities

Products

Pricing

Contact Us