Cross Site Scripting (XSS) vulnerabiity in YzmCMS 5.2 via the site_code parameter in admin/index/init.html.
CVSS Score
5.4
EPSS Score
0.002
Published
2021-07-30
Cross Site Scripting (XSS) in yzmCMS v5.2 allows remote attackers to execute arbitrary code by injecting commands into the "referer" field of a POST request to the component "/member/index/login.html" when logging in.
CVSS Score
6.1
EPSS Score
0.003
Published
2021-04-30
Stored XSS exists in YzmCMS 5.2 via the admin/category/edit.html "catname" parameter.
CVSS Score
4.8
EPSS Score
0.002
Published
2019-03-11
Stored XSS exists in YzmCMS 5.2 via the admin/system_manage/user_config_edit.html "value" parameter,
CVSS Score
4.8
EPSS Score
0.002
Published
2019-03-11
YzmCMS v5.2 has admin/role/add.html CSRF.
CVSS Score
8.8
EPSS Score
0.001
Published
2018-12-10
An issue was discovered in YzmCMS 5.2. XSS exists via the admin/content/search.html searinfo parameter.
CVSS Score
4.8
EPSS Score
0.002
Published
2018-12-04
An issue was discovered in YzmCMS v5.2. It has XSS via a search/index/archives/pubtime/ query string, as demonstrated by the search/index/archives/pubtime/1526387722/page/1.html URI. NOTE: this does not obtain a user's cookie.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-11-07