Hyweb: >> Hycms-J1 >> 7.4.3 Security Vulnerabilities
Hyweb HyCMS-J1's API fail to filter POST request parameters. Remote attackers can inject SQL syntax and execute commands without privilege.
CVSS Score
8.8
EPSS Score
0.012
Published
2021-01-22
Hyweb HyCMS-J1 backend editing function does not filter special characters. Users after log-in can inject JavaScript syntax to perform a stored XSS (Stored Cross-site scripting) attack.
CVSS Score
4.6
EPSS Score
0.002
Published
2021-01-22