CVE-2021-39428
Cross Site Scripting (XSS) vulnerability in Users.php in eyoucms 1.5.4 allows remote attackers to run arbitrary code and gain escalated privilege via the filename for editusersheadpic...
Cross site scripting
A vulnerability was found in EyouCms 1.5.4. It has been classified as problematic. Affected is an unknown function of the file login.php?m=admin&c=Arctype&a=edit of the component New Picture Handler. The manipulation of the argument litpicloca leads to cross site scripting. It is possible to laun...
CVE-2021-39428
CVE-2021-39428 is an XSS vulnerability in eyoucms 1.5.4, specifically in Users.php where the filename for edit_users_head_pic is exploitable. The connected sources confirm the flaw allows remote attackers to run arbitrary code and escalate privileges. The vulnerability details consistently refere...
CVE-2021-39501
EyouCMS 1.5.4 is vulnerable to Open Redirect. An attacker can redirect a user to a malicious URL via the Logout function...
CVE-2021-39500
Eyoucms 1.5.4 is vulnerable to Directory Traversal. Due to a lack of input data sanitization in the parameters tpldir, filename, type and nid, an attacker can inject "../" to escape and write files to writeable directories...
Open redirect
EyouCMS 1.5.4 is vulnerable to Open Redirect. An attacker can redirect a user to a malicious URL via the Logout function...
CVE-2021-39497
eyoucms 1.5.4 lacks sanitization of input data, allowing an attacker to inject a URL to trigger blind SSRF via the saveRemote function...
Server side request forgery (SSRF)
eyoucms 1.5.4 lacks sanitization of input data, allowing an attacker to inject a URL to trigger blind SSRF via the saveRemote function...
Cross site scripting
Eyoucms 1.5.4 lacks sanitization of input data, allowing an attacker to inject malicious code into the filename parameter to trigger Reflected XSS...