3 matches found
CVE-2020-22394
In YzmCMS v5.5, the member contribution function in the editor contains a cross-site scripting (XSS) vulnerability.
CVE-2020-20341
YzmCMS v5.5 contains a server-side request forgery (SSRF) in the grab_image() function.
CVE-2020-19951
A cross-site request forgery (CSRF) in /controller/pay.class.php of YzmCMS v5.5 allows attackers to access sensitive components of the application.