398 matches found
YzmCMS v3.6 - Cross-Site Scripting
In YzmCMS 3.6, index.php has XSS via the a, c, or m parameter. id: CVE-2018-7653 info: name: YzmCMS v3.6 - Cross-Site Scripting author: ritikchaddha severity: medium description: In YzmCMS 3.6, index.php has XSS via the a, c, or m parameter. impact: | Attackers can execute arbitrary JavaScript in...
CVE-2026-29933
A reflected cross-site scripting XSS vulnerability in the /index/login.html component of YZMCMS v7.4 allows attackers to execute arbitrary Javascript in the context of the user's browser via modifying the referrer value in the request header...
EUVD-2026-16209
A reflected cross-site scripting XSS vulnerability in the /index/login.html component of YZMCMS v7.4 allows attackers to execute arbitrary Javascript in the context of the user's browser via modifying the referrer value in the request header...
CVE-2026-29933
A reflected cross-site scripting XSS vulnerability in the /index/login.html component of YZMCMS v7.4 allows attackers to execute arbitrary Javascript in the context of the user's browser via modifying the referrer value in the request header...
PT-2026-28390
Name of the Vulnerable Software and Affected Versions YZMCMS version 7.4 Description A reflected cross-site scripting XSS issue exists in the /index/login.html component. This allows attackers to execute arbitrary Javascript within the user's browser by modifying the referrer value in the request...
CVE-2026-29933
A reflected cross-site scripting XSS vulnerability in the /index/login.html component of YZMCMS v7.4 allows attackers to execute arbitrary Javascript in the context of the user's browser via modifying the referrer value in the request header...
CVE-2026-29933
A reflected cross-site scripting XSS vulnerability in the /index/login.html component of YZMCMS v7.4 allows attackers to execute arbitrary Javascript in the context of the user's browser via modifying the referrer value in the request header...
Yzmcms 安全漏洞
Yzmcms is a set of open-source CMS Content Management Systems developed by Yzmcms. Version Yzmcms v7.4 contains a security vulnerability. This vulnerability stems from a reflection cross-site scripting vulnerability in the /index/login.html component. Attackers can execute arbitrary JavaScript in...
CVE-2026-29933
A reflected cross-site scripting XSS vulnerability in the /index/login.html component of YZMCMS v7.4 allows attackers to execute arbitrary Javascript in the context of the user's browser via modifying the referrer value in the request header...
CVE-2026-29933
CVE-2026-29933 describes a reflected XSS in YZMCMS v7.4, specifically in the "/index/login.html" component. The issue arises when an attacker can modify the referrer header, causing arbitrary Javascript to run in the victim’s browser. Affected product/version: YZMCMS 7.4. Root cause: reflected XS...
CVE-2022-23888
YzmCMS v6.3 was discovered to contain a Cross-Site Request Forgey CSRF via the component /yzmcms/comment/index/init.html...
CVE-2022-23383
YzmCMS v6.3 is affected by broken access control. Without login, unauthorized access to the user's personal home page can be realized. It is necessary to judge the user's login status before accessing the personal home page, but the vulnerability can access other users' home pages through the non...
CVE-2022-23384
YzmCMS v6.3 is affected by Cross Site Request Forgery CSRF in /admin.add...
CVE-2022-23887
YzmCMS v6.3 was discovered to contain a Cross-Site Request Forgery CSRF which allows attackers to arbitrarily delete user accounts via /admin/adminmanage/delete...
CVE-2019-16532
An HTTP Host header injection vulnerability exists in YzmCMS V5.3. A malicious user can poison a web cache or trigger redirections...
EUVD-2020-16116
Malware in sbrugna...
EUVD-2018-20366
Malware in sbrugna...
EUVD-2019-19027
Malware in sbrugna...
EUVD-2018-10807
Malware in sbrugna...
EUVD-2019-7239
Malware in sbrugna...