6 matches found
EUVD-2020-10013
Malware in sbrugna...
Cross site scripting
Cross Site Scripting XSS in yzmCMS v5.2 allows remote attackers to execute arbitrary code by injecting commands into the "referer" field of a POST request to the component "/member/index/login.html" when logging in...
Cross site request forgery (csrf)
YzmCMS v5.2 has admin/role/add.html CSRF...
CVE-2018-20015
YzmCMS v5.2 has admin/role/add.html CSRF...
CVE-2018-20015
YzmCMS v5.2 has admin/role/add.html CSRF...
CVE-2018-19092
An issue was discovered in YzmCMS v5.2. It has XSS via a search/index/archives/pubtime/ query string, as demonstrated by the search/index/archives/pubtime/1526387722/page/1.html URI. NOTE: this does not obtain a user's cookie...