EasyCMS v1.6 allows for SQL injection via ArticlemAction.class.php. In the background, search terms provided by the user were not sanitized and were used directly to construct a SQL...
9.8CVSS
9.7AI Score
0.002EPSS
A CSRF vulnerability was discovered in EasyCMS v1.6 that can add an admin account through index.php?s=/admin/rbacuser/insert/navTabId/rbacuser/callbackType/closeCurrent, then post...
8.8CVSS
7.4AI Score
0.001EPSS
An issue was discovered in EasyCMS 1.5. There is CSRF via the index.php?s=/admin/articlem/insert/navTabId/listarticle/callbackType/closeCurrent...
8.8CVSS
7.4AI Score
0.001EPSS
App/Modules/Admin/Tpl/default/Public/dwz/uploadify/scripts/uploadify.swf in EasyCMS 1.5 has XSS via the uploadifyID or movieName parameter, a related issue to...
6.1CVSS
5.9AI Score
0.001EPSS
EasyCMS 1.5 allows XSS via the index.php?s=/admin/fields/update/navTabId/listfields/callbackType/closeCurrent content...
4.8CVSS
6.2AI Score
0.001EPSS
The removeXSS function in App/Common/common.php (called from App/Modules/Index/Action/SearchAction.class.php) in EasyCMS v1.4 allows XSS via an onhashchange...
6.1CVSS
6.2AI Score
0.001EPSS
An issue was discovered in EasyCMS 1.5. There is a CSRF vulnerability that can update the admin password via...
8.8CVSS
7.5AI Score
0.001EPSS
6.5CVSS
7.4AI Score
0.001EPSS
EasyCMS 1.3 is prone to Stored XSS when posting an article; four fields are affected: title, keyword, abstract, and content, as demonstrated by the /admin/index/index.html#listarticle...
5.4CVSS
6.1AI Score
0.001EPSS
EasyCMS 1.3 has XSS via the s POST parameter (aka a search box value) in an index.php?s=/index/search/index.html...
6.1CVSS
6.2AI Score
0.001EPSS