3 matches found
CVE-2020-18455
CVE-2020-18455 affects bycms v3.0.4, with an XSS vulnerability in the edit(Document.php) function via the title parameter. The connected sources confirm the vulnerable component and entry details; no patch/version remediation information is provided in the supplied documents. Exploitation details...
CVE-2020-18454
CVE-2020-18454 affects bycms v1.3. A Cross-Site Request Forgery (CSRF) vulnerability is exposed via admin.php/systems/index/module_id/70/group_id/1.html. The CVSS metrics in the initial data indicate a base score of 6.0 (CVSS2) / 6.8 (CVSS3.1) with Network attack vector and user interaction not r...
CVE-2020-18457
CVE-2020-18457 affects bycms v1.3.0 and is a CSRF vulnerability that allows an attacker to add an administrator account via admin.php/ucenter/add.html. The issue is rooted in CSRF and enables privilege escalation to admin, with impact described in CVSS as enabling partial confidentiality, integri...