A cross-site request forgery (CSRF) in /controller/pay.class.php of YzmCMS v5.5 allows attackers to access sensitive components of the application.
CVSS Score
8.8
EPSS Score
0.002
Published
2021-09-23
YzmCMS v5.5 contains a server-side request forgery (SSRF) in the grab_image() function.
CVSS Score
7.5
EPSS Score
0.004
Published
2021-09-01
In YzmCMS v5.5 the member contribution function in the editor contains a cross-site scripting (XSS) vulnerability.
CVSS Score
6.1
EPSS Score
0.002
Published
2020-11-19