Hycms-j1@* Security Vulnerabilities and Issues — Hycms-j1@* CVE List

Lucene search

HywebHycms-j1*

2 matches found

CVE•added 2021/01/22 9:15 a.m.•51 views

CVE-2021-22847

Hyweb HyCMS-J1's API fail to filter POST request parameters. Remote attackers can inject SQL syntax and execute commands without privilege.

8.8CVSS9.2AI score0.01172EPSS

CVE•added 2021/01/22 9:15 a.m.•48 views

CVE-2021-22849

Hyweb HyCMS-J1 backend editing function does not filter special characters. Users after log-in can inject JavaScript syntax to perform a stored XSS (Stored Cross-site scripting) attack.

5.4CVSS4.8AI score0.00172EPSS