CVE-2020-23370

In YzmCMS 5.6, stored XSS exists via the common/static/plugin/ueditor/1.4.3.3/php/controller.php action parameter, which allows remote attackers to upload a swf file. The swf file can be injected with arbitrary web script or HTML...

CVE-2020-23370

In YzmCMS 5.6, stored XSS exists via the common/static/plugin/ueditor/1.4.3.3/php/controller.php action parameter, which allows remote attackers to upload a swf file. The swf file can be injected with arbitrary web script or HTML...

Cross site scripting

In YzmCMS 5.6, stored XSS exists via the common/static/plugin/ueditor/1.4.3.3/php/controller.php action parameter, which allows remote attackers to upload a swf file. The swf file can be injected with arbitrary web script or HTML...

CVE-2020-23369

In YzmCMS 5.6, XSS was discovered in member/membercontent/init.html via the SRC attribute of an IFRAME element because of using UEditor 1.4.3.3...

CVE-2020-23369

CVE-2020-23369 affects YzmCMS 5.6, where a cross-site scripting vulnerability exists in member/member_content/init.html due to using UEditor 1.4.3.3 . The underlying issue is an XSS via the SRC attribute of an IFRAME element, allowing injected scripts. Public records in NVD/CNVD/CNNVD confirm the...