An issue was discovered in YzmCMS 5.8. There is a SSRF vulnerability in the background collection management that allows arbitrary file read.
CVSS Score
7.5
EPSS Score
0.008
Published
2021-06-03
A storage XSS vulnerability is found in YzmCMS v5.8, which can be used by attackers to inject JS code and attack malicious XSS on the /admin/system_manage/user_config_edit.html page.
CVSS Score
5.4
EPSS Score
0.002
Published
2021-06-03
An issue was discovered in YzmCMS V5.8. There is a CSRF vulnerability that can add member user accounts via member/member/add.html.
CVSS Score
4.3
EPSS Score
0.001
Published
2021-06-03