13 matches found

RedhatCVE
added 2025/05/22 6:43 p.m. | 11 views

CVE-2021-39428

Cross Site Scripting (XSS) vulnerability in Users.php in eyoucms 1.5.4 allows remote attackers to run arbitrary code and gain escalated privilege via the filename for editusersheadpic...

CVSS 5.4 | AI score 6.5 | EPSS 0.00533
Exploits: 1

Prion
added 2023/04/14 2:15 p.m. | 16 views

Cross site scripting

A vulnerability was found in EyouCms 1.5.4. It has been classified as problematic. Affected is an unknown function of the file login.php?m=admin&c=Arctype&a=edit of the component New Picture Handler. The manipulation of the argument litpicloca leads to cross site scripting. It is possible to laun...

CVSS 3.3 | AI score 6.1 | EPSS 0.00617
Exploits: 1 | References: 3 | Affected Software: 1

OSV
added 2022/12/15 7:15 p.m. | 18 views

CVE-2021-39428

Cross Site Scripting (XSS) vulnerability in Users.php in eyoucms 1.5.4 allows remote attackers to run arbitrary code and gain escalated privilege via the filename for editusersheadpic...

CVSS 5.4 | AI score 6.5
Exploits: 0 | References: 1

Cvelist
added 2022/12/15 12:0 a.m. | 26 views

CVE-2021-39428

Cross Site Scripting (XSS) vulnerability in Users.php in eyoucms 1.5.4 allows remote attackers to run arbitrary code and gain escalated privilege via the filename for editusersheadpic...

AI score 5.8 | EPSS 0.00533
Exploits: 1 | References: 1

CVE
added 2022/12/15 12:0 a.m. | 64 views

CVE-2021-39428

CVE-2021-39428 is an XSS vulnerability in eyoucms 1.5.4, specifically in Users.php where the filename for edit_users_head_pic is exploitable. The connected sources confirm the flaw allows remote attackers to run arbitrary code and escalate privileges. The vulnerability details consistently refere...

CVSS 5.4 | AI score 5.6 | EPSS 0.00533
Exploits: 1 | References: 1 | Affected Software: 1

NVD
added 2021/09/07 9:15 p.m. | 16 views

CVE-2021-39501

EyouCMS 1.5.4 is vulnerable to Open Redirect. An attacker can redirect a user to a malicious url via the Logout function...

CVSS 6.1 | EPSS 0.03604
Exploits: 1 | References: 2

OSV
added 2021/09/07 9:15 p.m. | 18 views

CVE-2021-39500

Eyoucms 1.5.4 is vulnerable to Directory Traversal. Due to a lack of input data sanitization in param tpldir, filename, type, nid, an attacker can inject "../" to escape and write file to writeable directories...

CVSS 7.5 | AI score 6.8
Exploits: 0 | References: 2

OSV
added 2021/09/07 9:15 p.m. | 14 views

CVE-2021-39501

EyouCMS 1.5.4 is vulnerable to Open Redirect. An attacker can redirect a user to a malicious url via the Logout function...

CVSS 6.1 | AI score 6.7
Exploits: 0 | References: 2

Prion
added 2021/09/07 9:15 p.m. | 21 views

Open redirect

EyouCMS 1.5.4 is vulnerable to Open Redirect. An attacker can redirect a user to a malicious url via the Logout function...

CVSS 5.8 | AI score 6.1 | EPSS 0.03604
Exploits: 1 | References: 2 | Affected Software: 1

NVD
added 2021/09/07 8:15 p.m. | 18 views

CVE-2021-39497

eyoucms 1.5.4 lacks sanitization of input data, allowing an attacker to inject a url to trigger blind SSRF via the saveRemote function...

CVSS 9.8 | EPSS 0.02358
Exploits: 1 | References: 3

Prion
added 2021/09/07 8:15 p.m. | 17 views

Server side request forgery (ssrf)

eyoucms 1.5.4 lacks sanitization of input data, allowing an attacker to inject a url to trigger blind SSRF via the saveRemote function...

CVSS 7.5 | AI score 9.3 | EPSS 0.02358
Exploits: 1 | References: 3 | Affected Software: 1

Prion
added 2021/09/07 8:15 p.m. | 14 views

Cross site scripting

Eyoucms 1.5.4 lacks sanitization of input data, allowing an attacker to inject malicious code into filename param to trigger Reflected XSS...

CVSS 3.5 | AI score 5.6 | EPSS 0.00629
Exploits: 1 | References: 2 | Affected Software: 1

Cvelist
added 2021/09/07 8:1 p.m. | 18 views

CVE-2021-39500

Eyoucms 1.5.4 is vulnerable to Directory Traversal. Due to a lack of input data sanitization in param tpldir, filename, type, nid, an attacker can inject "../" to escape and write file to writeable directories...

AI score 7.7 | EPSS 0.01462
Exploits: 0 | References: 2