An issue was discovered in XYHCMS 3.5. It has CSRF via an index.php?g=Manage&m=Rbac&a=addUser request, resulting in addition of an account with the administrator role.
8.8CVSS
8.7AI Score
0.001EPSS
An issue was discovered in XYHCMS 3.5. It has XSS via the test parameter to index.php.
6.1CVSS
5.9AI Score
0.001EPSS