Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Hycms\-J1
(Hyweb)Repositories |
Unknown: This might be proprietary software. |
#Vulnerabilities | 2 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2021-01-22 | CVE-2021-22849 | Hyweb HyCMS-J1 backend editing function does not filter special characters. Users after log-in can inject JavaScript syntax to perform a stored XSS (Stored Cross-site scripting) attack. | Hycms\-J1 | 5.4 | ||
2021-01-22 | CVE-2021-22847 | Hyweb HyCMS-J1's API fail to filter POST request parameters. Remote attackers can inject SQL syntax and execute commands without privilege. | Hycms\-J1 | 8.8 |