5 matches found
CVE-2020-35972
An issue was discovered in YzmCMS V5.8. There is a CSRF vulnerability that can add member user accounts via member/member/add.html...
Cross site request forgery (csrf)
An issue was discovered in YzmCMS V5.8. There is a CSRF vulnerability that can add member user accounts via member/member/add.html...
CVE-2020-35971
A storage XSS vulnerability is found in YzmCMS v5.8, which can be used by attackers to inject JS code and attack malicious XSS on the /admin/systemmanage/userconfigedit.html page...
CVE-2020-35971
CVE-2020-35971 concerns a storage XSS in YzmCMS v5.8 affecting the page /admin/system_manage/user_config_edit.html . The vulnerability allows attackers to inject JavaScript/HTML, implying persistent script execution via stored payloads. The connected CNVD/CNNVD records describe a cross-site scrip...
CVE-2020-35972
An issue was discovered in YzmCMS V5.8. There is a CSRF vulnerability that can add member user accounts via member/member/add.html...