406 matches found
YzmCMS v3.6 - Cross-Site Scripting
In YzmCMS 3.6, index.php has XSS via the a, c, or m parameter. id: CVE-2018-7653 info: name: YzmCMS v3.6 - Cross-Site Scripting author: ritikchaddha severity: medium description: In YzmCMS 3.6, index.php has XSS via the a, c, or m parameter. impact: | Attackers can execute arbitrary JavaScript in...
CVE-2026-15202
A security vulnerability has been detected in YzmCMS up to 7.5. Affected is the function geturl of the file /yzmphp/yzmphp.php of the component Header Handler. The manipulation of the argument HTTPHOST leads to cross site scripting. The attack may be initiated remotely. The exploit has been...
CVE-2026-15202 YzmCMS Header yzmphp.php get_url cross site scripting
A security vulnerability has been detected in YzmCMS up to 7.5. Affected is the function geturl of the file /yzmphp/yzmphp.php of the component Header Handler. The manipulation of the argument HTTPHOST leads to cross site scripting. The attack may be initiated remotely. The exploit has been...
EUVD-2026-42655
A security vulnerability has been detected in YzmCMS up to 7.5. Affected is the function geturl of the file /yzmphp/yzmphp.php of the component Header Handler. The manipulation of the argument HTTPHOST leads to cross site scripting. The attack may be initiated remotely. The exploit has been...
CVE-2026-15202
CVE-2026-15202 affects YzmCMS up to version 7.5. The vulnerability resides in the get_url function of /yzmphp/yzmphp.php within the Header Handler, where manipulation of the HTTP_HOST argument enables cross-site scripting. Exploitation is remote and publicly disclosed. Vendor contact did not elic...
CVE-2026-13529
A vulnerability was determined in YzmCMS up to 7.5. This affects an unknown function of the file /application/install/index.php. Executing a manipulation of the argument siteurl can lead to sql injection. The attack can be executed remotely. A high complexity level is associated with this attack...
CVE-2026-13529 YzmCMS index.php sql injection
A vulnerability was determined in YzmCMS up to 7.5. This affects an unknown function of the file /application/install/index.php. Executing a manipulation of the argument siteurl can lead to sql injection. The attack can be executed remotely. A high complexity level is associated with this attack...
EUVD-2026-40026
A vulnerability was determined in YzmCMS up to 7.5. This affects an unknown function of the file /application/install/index.php. Executing a manipulation of the argument siteurl can lead to sql injection. The attack can be executed remotely. A high complexity level is associated with this attack...
CVE-2026-13529
CVE-2026-13529 : In YzmCMS (up to v7.5), a vulnerability affects an unknown function in /application/install/index.php where manipulating the siteurl parameter can cause SQL injection. The issue is exploitable remotely with high attack complexity and partial confidentiality/integrity/availability...
CVE-2026-29933
A reflected cross-site scripting XSS vulnerability in the /index/login.html component of YZMCMS v7.4 allows attackers to execute arbitrary Javascript in the context of the user's browser via modifying the referrer value in the request header...
EUVD-2026-16209
A reflected cross-site scripting XSS vulnerability in the /index/login.html component of YZMCMS v7.4 allows attackers to execute arbitrary Javascript in the context of the user's browser via modifying the referrer value in the request header...
CVE-2026-29933
A reflected cross-site scripting XSS vulnerability in the /index/login.html component of YZMCMS v7.4 allows attackers to execute arbitrary Javascript in the context of the user's browser via modifying the referrer value in the request header...
Yzmcms 安全漏洞
Yzmcms is a set of open-source CMS Content Management Systems developed by Yzmcms. Version Yzmcms v7.4 contains a security vulnerability. This vulnerability stems from a reflection cross-site scripting vulnerability in the /index/login.html component. Attackers can execute arbitrary JavaScript in...
CVE-2026-29933
A reflected cross-site scripting XSS vulnerability in the /index/login.html component of YZMCMS v7.4 allows attackers to execute arbitrary Javascript in the context of the user's browser via modifying the referrer value in the request header...
CVE-2026-29933
A reflected cross-site scripting XSS vulnerability in the /index/login.html component of YZMCMS v7.4 allows attackers to execute arbitrary Javascript in the context of the user's browser via modifying the referrer value in the request header...
CVE-2026-29933
A reflected cross-site scripting XSS vulnerability in the /index/login.html component of YZMCMS v7.4 allows attackers to execute arbitrary Javascript in the context of the user's browser via modifying the referrer value in the request header...
PT-2026-28390
Name of the Vulnerable Software and Affected Versions YZMCMS version 7.4 Description A reflected cross-site scripting XSS issue exists in the /index/login.html component. This allows attackers to execute arbitrary Javascript within the user's browser by modifying the referrer value in the request...
CVE-2026-29933
CVE-2026-29933 describes a reflected XSS in YZMCMS v7.4, specifically in the "/index/login.html" component. The issue arises when an attacker can modify the referrer header, causing arbitrary Javascript to run in the victim’s browser. Affected product/version: YZMCMS 7.4. Root cause: reflected XS...
CVE-2022-23888
YzmCMS v6.3 was discovered to contain a Cross-Site Request Forgey CSRF via the component /yzmcms/comment/index/init.html...
CVE-2022-23383
YzmCMS v6.3 is affected by broken access control. Without login, unauthorized access to the user's personal home page can be realized. It is necessary to judge the user's login status before accessing the personal home page, but the vulnerability can access other users' home pages through the non...