Lucene search
K

406 matches found

Nuclei
Nuclei
added 10 hours ago67 views

YzmCMS v3.6 - Cross-Site Scripting

In YzmCMS 3.6, index.php has XSS via the a, c, or m parameter. id: CVE-2018-7653 info: name: YzmCMS v3.6 - Cross-Site Scripting author: ritikchaddha severity: medium description: In YzmCMS 3.6, index.php has XSS via the a, c, or m parameter. impact: | Attackers can execute arbitrary JavaScript in...

6.1CVSS6.4AI score0.08686EPSS
Exploits5References5
NVD
NVD
added 5 days ago9 views

CVE-2026-15202

A security vulnerability has been detected in YzmCMS up to 7.5. Affected is the function geturl of the file /yzmphp/yzmphp.php of the component Header Handler. The manipulation of the argument HTTPHOST leads to cross site scripting. The attack may be initiated remotely. The exploit has been...

5.3CVSS0.00263EPSS
Exploits0References5
Cvelist
Cvelist
added 5 days ago36 views

CVE-2026-15202 YzmCMS Header yzmphp.php get_url cross site scripting

A security vulnerability has been detected in YzmCMS up to 7.5. Affected is the function geturl of the file /yzmphp/yzmphp.php of the component Header Handler. The manipulation of the argument HTTPHOST leads to cross site scripting. The attack may be initiated remotely. The exploit has been...

5.3CVSS0.00263EPSS
Exploits0References5
EUVD
EUVD
added 5 days ago7 views

EUVD-2026-42655

A security vulnerability has been detected in YzmCMS up to 7.5. Affected is the function geturl of the file /yzmphp/yzmphp.php of the component Header Handler. The manipulation of the argument HTTPHOST leads to cross site scripting. The attack may be initiated remotely. The exploit has been...

5.3CVSS4.1AI score0.00263EPSS
Exploits0References5
CVE
CVE
added 5 days ago11 views

CVE-2026-15202

CVE-2026-15202 affects YzmCMS up to version 7.5. The vulnerability resides in the get_url function of /yzmphp/yzmphp.php within the Header Handler, where manipulation of the HTTP_HOST argument enables cross-site scripting. Exploitation is remote and publicly disclosed. Vendor contact did not elic...

5.3CVSS4.1AI score0.00263EPSS
Exploits0References5
NVD
NVD
added 2026/06/29 4:16 a.m.10 views

CVE-2026-13529

A vulnerability was determined in YzmCMS up to 7.5. This affects an unknown function of the file /application/install/index.php. Executing a manipulation of the argument siteurl can lead to sql injection. The attack can be executed remotely. A high complexity level is associated with this attack...

6.3CVSS0.00239EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/29 3:0 a.m.41 views

CVE-2026-13529 YzmCMS index.php sql injection

A vulnerability was determined in YzmCMS up to 7.5. This affects an unknown function of the file /application/install/index.php. Executing a manipulation of the argument siteurl can lead to sql injection. The attack can be executed remotely. A high complexity level is associated with this attack...

6.3CVSS0.00239EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/29 3:0 a.m.8 views

EUVD-2026-40026

A vulnerability was determined in YzmCMS up to 7.5. This affects an unknown function of the file /application/install/index.php. Executing a manipulation of the argument siteurl can lead to sql injection. The attack can be executed remotely. A high complexity level is associated with this attack...

6.3CVSS5.8AI score0.00239EPSS
Exploits0References5
CVE
CVE
added 2026/06/29 3:0 a.m.18 views

CVE-2026-13529

CVE-2026-13529 : In YzmCMS (up to v7.5), a vulnerability affects an unknown function in /application/install/index.php where manipulating the siteurl parameter can cause SQL injection. The issue is exploitable remotely with high attack complexity and partial confidentiality/integrity/availability...

6.3CVSS5.8AI score0.00239EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/03/27 4:59 a.m.11 views

CVE-2026-29933

A reflected cross-site scripting XSS vulnerability in the /index/login.html component of YZMCMS v7.4 allows attackers to execute arbitrary Javascript in the context of the user's browser via modifying the referrer value in the request header...

5.8AI score0.00194EPSS
Exploits1References1
EUVD
EUVD
added 2026/03/26 3:30 p.m.6 views

EUVD-2026-16209

A reflected cross-site scripting XSS vulnerability in the /index/login.html component of YZMCMS v7.4 allows attackers to execute arbitrary Javascript in the context of the user's browser via modifying the referrer value in the request header...

5.8AI score0.00194EPSS
Exploits1References2
NVD
NVD
added 2026/03/26 3:16 p.m.5 views

CVE-2026-29933

A reflected cross-site scripting XSS vulnerability in the /index/login.html component of YZMCMS v7.4 allows attackers to execute arbitrary Javascript in the context of the user's browser via modifying the referrer value in the request header...

6.1CVSS0.00194EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/03/26 12:0 a.m.10 views

Yzmcms 安全漏洞

Yzmcms is a set of open-source CMS Content Management Systems developed by Yzmcms. Version Yzmcms v7.4 contains a security vulnerability. This vulnerability stems from a reflection cross-site scripting vulnerability in the /index/login.html component. Attackers can execute arbitrary JavaScript in...

6.1CVSS5.9AI score0.00194EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/03/26 12:0 a.m.7 views

CVE-2026-29933

A reflected cross-site scripting XSS vulnerability in the /index/login.html component of YZMCMS v7.4 allows attackers to execute arbitrary Javascript in the context of the user's browser via modifying the referrer value in the request header...

5.8AI score0.00194EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/03/26 12:0 a.m.2 views

CVE-2026-29933

A reflected cross-site scripting XSS vulnerability in the /index/login.html component of YZMCMS v7.4 allows attackers to execute arbitrary Javascript in the context of the user's browser via modifying the referrer value in the request header...

6AI score0.00194EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/03/26 12:0 a.m.26 views

CVE-2026-29933

A reflected cross-site scripting XSS vulnerability in the /index/login.html component of YZMCMS v7.4 allows attackers to execute arbitrary Javascript in the context of the user's browser via modifying the referrer value in the request header...

0.00194EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/03/26 12:0 a.m.7 views

PT-2026-28390

Name of the Vulnerable Software and Affected Versions YZMCMS version 7.4 Description A reflected cross-site scripting XSS issue exists in the /index/login.html component. This allows attackers to execute arbitrary Javascript within the user's browser by modifying the referrer value in the request...

6AI score0.00194EPSS
Exploits1References4
CVE
CVE
added 2026/03/26 12:0 a.m.9 views

CVE-2026-29933

CVE-2026-29933 describes a reflected XSS in YZMCMS v7.4, specifically in the "/index/login.html" component. The issue arises when an attacker can modify the referrer header, causing arbitrary Javascript to run in the victim’s browser. Affected product/version: YZMCMS 7.4. Root cause: reflected XS...

6.1CVSS5.8AI score0.00194EPSS
Exploits1References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/09 10:55 a.m.5 views

CVE-2022-23888

YzmCMS v6.3 was discovered to contain a Cross-Site Request Forgey CSRF via the component /yzmcms/comment/index/init.html...

8.8CVSS7.5AI score0.0082EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:54 a.m.11 views

CVE-2022-23383

YzmCMS v6.3 is affected by broken access control. Without login, unauthorized access to the user's personal home page can be realized. It is necessary to judge the user's login status before accessing the personal home page, but the vulnerability can access other users' home pages through the non...

9.1CVSS7AI score0.01174EPSS
Exploits0References1
Rows per page
Query Builder