52 matches found
CVE-2018-10127
An issue was discovered in XYHCMS 3.5. It has CSRF via an index.php?g=Manage=Rbac=addUser request, resulting in addition of an account with the administrator role...
EUVD-2018-2205
Malware in sbrugna...
EUVD-2018-6490
Malware in sbrugna...
EUVD-2018-2206
Malware in sbrugna...
EUVD-2020-13372
Malware in sbrugna...
EUVD-2020-14424
Malware in sbrugna...
CVE-2020-20586
A cross-site request forgery (CSRF) vulnerability in the /xyhai.php?s=/Auth/editUser URI of XYHCMS V3.6 allows attackers to edit any information of the administrator such as the name, e-mail, and password...
CVE-2020-21656
XYHCMS v3.6 contains a stored cross-site scripting (XSS) vulnerability in the component xyhai.php?s=/Link/index...
CVE-2018-14583
xyhai.php?s=/Auth/addUser in XYHCMS 3.5 allows CSRF to add a background administrator account...
CVE-2018-10128
An issue was discovered in XYHCMS 3.5. It has XSS via the test parameter to index.php...
CVE-2020-21656
XYHCMS v3.6 contains a stored cross-site scripting (XSS) vulnerability in the component xyhai.php?s=/Link/index...
CVE-2020-21656
XYHCMS v3.6 contains a stored cross-site scripting (XSS) vulnerability in the component xyhai.php?s=/Link/index...
Cross-site scripting
XYHCMS v3.6 contains a stored cross-site scripting (XSS) vulnerability in the component xyhai.php?s=/Link/index...
CVE-2020-21656
CVE-2020-21656 is a stored XSS in XYHCMS v3.6, affecting the endpoint xyhai.php?s=/Link/index. The root cause is insufficient input validation in that component, enabling client-side code execution. No exploitation details are provided in the supplied documents.
CVE-2020-21656
XYHCMS v3.6 contains a stored cross-site scripting (XSS) vulnerability in the component xyhai.php?s=/Link/index...
xyhcms cross-site request forgery vulnerability (CNVD-2021-50087)
xyhcms is a completely open source CMS (content management system) that is simple, easy to use, secure, stable and free. xyhcms V3.6 has a security vulnerability that can be exploited by an attacker to edit any information about an administrator, such as name, email and password...
CVE-2020-20586
A cross-site request forgery (CSRF) vulnerability in the /xyhai.php?s=/Auth/editUser URI of XYHCMS V3.6 allows attackers to edit any information of the administrator such as the name, e-mail, and password...
CVE-2020-20586
A cross-site request forgery (CSRF) vulnerability in the /xyhai.php?s=/Auth/editUser URI of XYHCMS V3.6 allows attackers to edit any information of the administrator such as the name, e-mail, and password...
Cross-site request forgery (CSRF)
A cross-site request forgery (CSRF) vulnerability in the /xyhai.php?s=/Auth/editUser URI of XYHCMS V3.6 allows attackers to edit any information of the administrator such as the name, e-mail, and password...
CVE-2020-20586
CVE-2020-20586 is a CSRF vulnerability in XYHCMS v3.6 that affects the endpoint /xyhai.php?s=/Auth/editUser, enabling an attacker to modify administrator data (name, email, password). The affected component is the XYHCMS CMS, specifically the editUser CSRF path. Root cause and exact code impact a...