42 matches found
EUVD-2023-47652
Malicious code in bioql PyPI...
EUVD-2025-5356
Malicious code in bioql PyPI...
EUVD-2023-41051
Malicious code in bioql PyPI...
CVE-2024-42939
A cross-site scripting XSS vulnerability in the component /index/index.html of YZNCMS v1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the configured remarks text field...
CVE-2025-25791
An arbitrary file upload vulnerability in the plugin installation feature of YZNCMS v2.0.1 allows attackers to execute arbitrary code via uploading a crafted Zip file...
CVE-2025-25791
An arbitrary file upload vulnerability in the plugin installation feature of YZNCMS v2.0.1 allows attackers to execute arbitrary code via uploading a crafted Zip file...
CVE-2025-25791
An arbitrary file upload vulnerability in the plugin installation feature of YZNCMS v2.0.1 allows attackers to execute arbitrary code via uploading a crafted Zip file...
CVE-2025-25791
The CVE-2025-25791 entry describes an arbitrary file upload vulnerability in the plugin installation feature of YZNCMS v2.0.1. Attackers can upload a crafted Zip file to execute arbitrary code on the affected system. The impact is limited to code execution via the upload path, as per the descript...
YznCMS 安全漏洞
YznCMS is a backend development framework open source by China ken678. A security vulnerability exists in YznCMS v2.0.1, the vulnerability stems from the existence of arbitrary file upload problem, an attacker can upload a well-designed Zip file to execute arbitrary code...
CVE-2025-25791
An arbitrary file upload vulnerability in the plugin installation feature of YZNCMS v2.0.1 allows attackers to execute arbitrary code via uploading a crafted Zip file...
CVE-2025-25791
An arbitrary file upload vulnerability in the plugin installation feature of YZNCMS v2.0.1 allows attackers to execute arbitrary code via uploading a crafted Zip file...
YznCMS Cross-Site Scripting Vulnerability (CNVD-2024-38192)
YznCMS is a backend development framework. A cross-site scripting vulnerability exists in YznCMS version 1.4.2, which stems from the lack of effective filtering and escaping of user-supplied data in the component /index/index.html, and can be exploited by an attacker to execute arbitrary Web scri...
CVE-2024-42939
A cross-site scripting XSS vulnerability in the component /index/index.html of YZNCMS v1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the configured remarks text field...
CVE-2024-42939
A cross-site scripting XSS vulnerability in the component /index/index.html of YZNCMS v1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the configured remarks text field...
CVE-2024-42939
A cross-site scripting XSS vulnerability in the component /index/index.html of YZNCMS v1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the configured remarks text field...
CVE-2024-42939
A cross-site scripting XSS vulnerability in the component /index/index.html of YZNCMS v1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the configured remarks text field...
YznCMS 安全漏洞
YznCMS is a backend development framework. A cross-site scripting vulnerability exists in YznCMS version 1.4.2, which stems from the lack of effective filtering and escaping of user-supplied data in the component /index/index.html, and can be exploited by an attacker to execute arbitrary Web scri...
CVE-2024-42939
CVE-2024-42939 affects YZNCMS v1.4.2, specifically the /index/index.html component. The vulnerability is a cross-site scripting (XSS) flaw that allows an attacker to inject arbitrary web scripts or HTML via a crafted payload placed in the configured remarks text field. Public details confirm the ...
PT-2024-30211 · Yzncms · Yzncms
Name of the Vulnerable Software and Affected Versions: YZNCMS version 1.4.2 Description: A cross-site scripting XSS issue in the /index/index.html component allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the configured remarks text field...
CVE-2023-43233
A stored cross-site scripting XSS vulnerability in the cms/content/edit component of YZNCMS v1.3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the title parameter...