Eyoucms - Vulncode-DB

Note:

This project will be discontinued after December 13, 2021. [more]

Product:
Eyoucms
(Eyoucms)

Repositories	Unknown: This might be proprietary software.
#Vulnerabilities	61

Date	Id	Summary	Products	Score	Patch	Annotated
2023-11-29	CVE-2023-48880	A stored cross-site scripting (XSS) vulnerability in EyouCMS v1.6.4-UTF8-SP1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Menu Name field at /login.php?m=admin&c=Index&a=changeTableVal&_ajax=1&lang=cn.	Eyoucms	4.8
2023-11-29	CVE-2023-48881	A stored cross-site scripting (XSS) vulnerability in EyouCMS v1.6.4-UTF8-SP1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Field Title field at /login.php?m=admin&c=Field&a=arctype_add&_ajax=1&lang=cn.	Eyoucms	4.8
2023-11-29	CVE-2023-48882	A stored cross-site scripting (XSS) vulnerability in EyouCMS v1.6.4-UTF8-SP1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Document Properties field at /login.php m=admin&c=Index&a=changeTableVal&_ajax=1&lang=cn.	Eyoucms	4.8
2023-11-21	CVE-2023-46935	eyoucms v1.6.4 is vulnerable Cross Site Scripting (XSS), which can lead to stealing sensitive information of logged-in users.	Eyoucms	5.4
2023-11-15	CVE-2023-41597	EyouCms v1.6.2 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /admin/twitter.php?active_t.	Eyoucms	6.1
2022-03-24	CVE-2022-26279	EyouCMS v1.5.5 was discovered to have no access control in the component /data/sqldata.	Eyoucms	9.8
2023-07-20	CVE-2023-37645	eyoucms v1.6.3 was discovered to contain an information disclosure vulnerability via the component /custom_model_path/recruit.filelist.txt.	Eyoucms	5.3
2023-07-06	CVE-2023-37132	A stored cross-site scripting (XSS) vulnerability in the custom variables module of eyoucms v1.6.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.	Eyoucms	5.4
2023-07-06	CVE-2023-37133	A stored cross-site scripting (XSS) vulnerability in the Column management module of eyoucms v1.6.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.	Eyoucms	5.4
2023-07-06	CVE-2023-37134	A stored cross-site scripting (XSS) vulnerability in the Basic Information module of eyoucms v1.6.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.	Eyoucms	5.4