CVE-2020-24000

SQL Injection vulnerability in eyoucms cms v1.4.7, allows attackers to execute arbitrary code and disclose sensitive information, via the tid parameter to index.php...

CVE-2025-65868

XML external entity XXE injection in eyoucms v1.7.1 allows remote attackers to cause a denial of service via crafted body of a POST request...

CVE-2025-65868

XML external entity XXE injection in eyoucms v1.7.1 allows remote attackers to cause a denial of service via crafted body of a POST request...

EUVD-2020-10058

Malware in sbrugna...

CVE-2025-52335

EyouCMS 1.7.3 is vulnerale to Cross Site Scripting XSS in index.php, which can be exploited to obtain sensitive information...

EyouCMS 安全漏洞

EyouCMS is an open source content management system CMS based on ThinkPHP by China Eyou Eyou. A security vulnerability exists in EyouCMS version 1.6.7, which originates from a cross-site scripting attack due to incorrect operation of the file /login.php?m=admin&c=System&a=web&lang=cn...

CVE-2024-23031

Cross Site Scripting XSS vulnerability in iswater parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL...

CVE-2024-22927

Cross Site Scripting XSS vulnerability in the func parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL...

CVE-2023-1798

A vulnerability, which was classified as problematic, has been found in EyouCMS up to 1.5.4. Affected by this issue is some unknown functionality of the file login.php. The manipulation of the argument typename leads to cross site scripting. The attack may be launched remotely. The exploit has be...

CVE-2022-45280

A cross-site scripting XSS vulnerability in the Url parameter in /login.php of EyouCMS v1.6.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

CVE-2021-39497

eyoucms 1.5.4 lacks sanitization of input data, allowing an attacker to inject a url to trigger blind SSRF via the saveRemote function...

CVE-2024-23034

Cross Site Scripting vulnerability in the input parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL...

CVE-2024-23032

Cross Site Scripting vulnerability in num parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL...

CVE-2024-22927

Cross Site Scripting XSS vulnerability in the func parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL...

CVE-2024-23033

Cross Site Scripting vulnerability in the path parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL...

PT-2024-19617

Name of the Vulnerable Software and Affected Versions eyoucms version 1.6.5 Description A Cross Site Scripting XSS issue exists in the func parameter, allowing a remote attacker to execute arbitrary code via a crafted URL. Recommendations For eyoucms version 1.6.5, consider restricting access to...

CVE-2024-22927

Cross Site Scripting XSS vulnerability in the func parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL...

CVE-2023-46935

eyoucms v1.6.4 is vulnerable Cross Site Scripting XSS, which can lead to stealing sensitive information of logged-in users...

CVE-2023-37136

A stored cross-site scripting XSS vulnerability in the Basic Website Information module of eyoucms v1.6.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

CVE-2023-37135

A stored cross-site scripting XSS vulnerability in the Image Upload module of eyoucms v1.6.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...