Lucene search
K

52 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 12:17 p.m.8 views

CVE-2018-10127

An issue was discovered in XYHCMS 3.5. It has CSRF via an index.php?g=Manage=Rbac=addUser request, resulting in addition of an account with the administrator role...

8.8CVSS7AI score0.00483EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2020-13372

Malware in sbrugna...

4.5CVSS4.9AI score0.00388EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2020-14424

Malware in sbrugna...

5.4CVSS5.6AI score0.00436EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2018-2206

Malware in sbrugna...

6.1CVSS6.3AI score0.00672EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2018-6490

Malware in sbrugna...

8.8CVSS8.8AI score0.00494EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2018-2205

Malware in sbrugna...

8.8CVSS8.8AI score0.00483EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/22 5:5 p.m.5 views

CVE-2020-20586

A cross site request forgery CSRF vulnerability in the /xyhai.php?s=/Auth/editUser URI of XYHCMS V3.6 allows attackers to edit any information of the administrator such as the name, e-mail, and password...

4.5CVSS6.5AI score0.00388EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 3:54 p.m.5 views

CVE-2020-21656

XYHCMS v3.6 contains a stored cross-site scripting XSS vulnerability in the component xyhai.php?s=/Link/index...

5.4CVSS5.6AI score0.00436EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 7:42 a.m.5 views

CVE-2018-14583

xyhai.php?s=/Auth/addUser in XYHCMS 3.5 allows CSRF to add a background administrator account...

8.8CVSS6.9AI score0.00494EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:28 a.m.7 views

CVE-2018-10128

An issue was discovered in XYHCMS 3.5. It has XSS via the test parameter to index.php...

6.1CVSS5.8AI score0.00672EPSS
Exploits0References1
OSV
OSV
added 2021/10/06 10:15 p.m.4 views

CVE-2020-21656

XYHCMS v3.6 contains a stored cross-site scripting XSS vulnerability in the component xyhai.php?s=/Link/index...

5.4CVSS6AI score0.00436EPSS
Exploits1References1
NVD
NVD
added 2021/10/06 10:15 p.m.24 views

CVE-2020-21656

XYHCMS v3.6 contains a stored cross-site scripting XSS vulnerability in the component xyhai.php?s=/Link/index...

5.4CVSS0.00436EPSS
Exploits1References1
Prion
Prion
added 2021/10/06 10:15 p.m.10 views

Cross site scripting

XYHCMS v3.6 contains a stored cross-site scripting XSS vulnerability in the component xyhai.php?s=/Link/index...

3.5CVSS5.2AI score0.00436EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2021/10/06 9:34 p.m.35 views

CVE-2020-21656

CVE-2020-21656 is a stored XSS in XYHCMS v3.6, affecting the endpoint xyhai.php?s=/Link/index. The root cause is insufficient input validation in that component, enabling client-side code execution. No exploitation details are provided in the supplied documents.

5.4CVSS5.2AI score0.00436EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2021/10/06 9:34 p.m.25 views

CVE-2020-21656

XYHCMS v3.6 contains a stored cross-site scripting XSS vulnerability in the component xyhai.php?s=/Link/index...

5.3AI score0.00436EPSS
Exploits1References1
CNVD
CNVD
added 2021/07/09 12:0 a.m.4 views

xyhcms cross-site request forgery vulnerability (CNVD-2021-50087)

xyhcms is a software application. A completely open source CMS content management system, simple, easy to use, secure, stable and free. xyhcmsV3.6 has a security vulnerability that can be exploited by an attacker to edit any information about an administrator, such as name, email and password...

4.5CVSS6.6AI score0.00388EPSS
Exploits1
OSV
OSV
added 2021/07/08 4:15 p.m.2 views

CVE-2020-20586

A cross site request forgery CSRF vulnerability in the /xyhai.php?s=/Auth/editUser URI of XYHCMS V3.6 allows attackers to edit any information of the administrator such as the name, e-mail, and password...

4.5CVSS5.3AI score0.00388EPSS
Exploits1References3
NVD
NVD
added 2021/07/08 4:15 p.m.14 views

CVE-2020-20586

A cross site request forgery CSRF vulnerability in the /xyhai.php?s=/Auth/editUser URI of XYHCMS V3.6 allows attackers to edit any information of the administrator such as the name, e-mail, and password...

4.5CVSS0.00388EPSS
Exploits1References2
Prion
Prion
added 2021/07/08 4:15 p.m.15 views

Cross site request forgery (csrf)

A cross site request forgery CSRF vulnerability in the /xyhai.php?s=/Auth/editUser URI of XYHCMS V3.6 allows attackers to edit any information of the administrator such as the name, e-mail, and password...

3.5CVSS4.8AI score0.00388EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2021/07/08 3:44 p.m.23 views

CVE-2020-20586

A cross site request forgery CSRF vulnerability in the /xyhai.php?s=/Auth/editUser URI of XYHCMS V3.6 allows attackers to edit any information of the administrator such as the name, e-mail, and password...

4.7AI score0.00388EPSS
Exploits1References2
Rows per page
Query Builder