109 matches found
CVE-2018-10374
EasyCMS 1.3 is affected by a Cross‑Site Scripting (XSS) vulnerability in the s POST parameter (the value of the search box) sent to index.php?s=/index/search/index.html. The issue arises from XSS in that parameter, enabling injection of arbitrary script/HTML. This CVE entry corresponds to EasyCMS...
Logic Design Vulnerability in EasyCMS Frontend
EasyCMS is lightweight scalable open source content management program, following the Apache2 open source agreement. A logical design vulnerability exists in the frontend of EasyCMS. Attackers can log into the user center and modify other people's mailboxes and data by intercepting and modifying...
SQL Injection Vulnerability in EasyCMS PersonAction.class.php Source File
EasyCMS is lightweight scalable open source content management program, following the Apache2 open source agreement. SQL injection vulnerability exists in the PersonAction.class.php source file under App\Modules\Member\Action in the EasyCMS directory. The vulnerability is due to the system fails ...
Reflective XSS Vulnerability in EasyCMS Enterprise Marketing Management System Administration Backend
EasyCMS is a web content management system based on PHP+Mysql architecture. A reflective XSS vulnerability exists in the administration backend of the EasyCMS enterprise marketing management system, which can be exploited by an attacker to submit data with js code on the personal information page...
easycms <= 0.4.2 - Multiple Vulnerabilities
No description provided by source. --==+================================================================================+==-- --==+ easyCMS = 0.4.2 Multiple Remote Vulnerabilitys +==-- --==+================================================================================+==-- Discovered By: t0pP8u...
easycms-multi.txt
--==+================================================================================+==-- --==+ easyCMS 0.2 allows a simple sql statement to be inserted into the cookie bypassing the admin login. see below for the vulnerabilitys. SQL Injection version = 0.2: javascript:document.cookie = "user=' ...
easyCMS <= 0.4.2 Multiple Remote Vulnerabilities
No description provided by source. --==+================================================================================+==-- --==+ easyCMS = 0.4.2 Multiple Remote Vulnerabilitys +==-- --==+================================================================================+==-- Discovered By: t0pP8u...
Easycms 0.4.2 - Multiple Vulnerabilities
--==+================================================================================+==-- --==+ easyCMS 0.2 allows a simple sql statement to be inserted into the cookie bypassing the admin login. see below for the vulnerabilitys. SQL Injection version = 0.2: javascript:document.cookie = "user=' ...
EasyCMS vulnerable to XSS injection.
The Norwegian web-publishing system EasyCMS www.easycms.no contains multiple input flaws letting users conduct successful XSS attacks. Both in the admin section, and the webpage that uses the system is vulnerable to XSS. It does not filter script tags and simple scripting like...