5 matches found
EUVD-2021-9984
Malicious code in bioql PyPI...
CVE-2021-22847
Hyweb HyCMS-J1's API fail to filter POST request parameters. Remote attackers can inject SQL syntax and execute commands without privilege...
CVE-2021-22849
Hyweb HyCMS-J1 backend editing function does not filter special characters. Users after log-in can inject JavaScript syntax to perform a stored XSS Stored Cross-site scripting attack...
Privilege escalation
Hyweb HyCMS-J1's API fail to filter POST request parameters. Remote attackers can inject SQL syntax and execute commands without privilege...
Hyweb HyCMS-J Cross-Site Scripting Vulnerability
Hyweb HyCMS-J1 is a text management system from the Chinese company Hyweb. Hyweb HyCMS-J1 suffers from a cross-site scripting vulnerability that stems from the back-end editing function not filtering special characters. An attacker can exploit this vulnerability to inject JavaScript syntax to...