Filtered by vendor Yzmcms
Subscriptions
Filtered by product Yzmcms
Subscriptions
Total
44 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-11554 | 1 Yzmcms | 1 Yzmcms | 2024-11-21 | N/A |
| The forgotten-password feature in index.php/member/reset/reset_email.html in YzmCMS v3.2 through v3.7 has a Response Discrepancy Information Exposure issue and an unexpectedly long lifetime for a verification code, which makes it easier for remote attackers to hijack accounts via a brute-force approach. | ||||
| CVE-2018-10224 | 1 Yzmcms | 1 Yzmcms | 2024-11-21 | N/A |
| An issue was discovered in YzmCMS 3.8. There is a CSRF vulnerability that can add a tag via /index.php/admin/tag/add.html. | ||||
| CVE-2018-10223 | 1 Yzmcms | 1 Yzmcms | 2024-11-21 | N/A |
| An issue was discovered in YzmCMS 3.8. There is a CSRF vulnerability that can add an admin account via /index.php/admin/admin_manage/add.html. | ||||
| CVE-2018-10026 | 1 Yzmcms | 1 Yzmcms | 2024-11-21 | N/A |
| The WeChat module in YzmCMS 3.7.1 has reflected XSS via the admin/module/init.html echostr parameter, related to the valid function in application/wechat/controller/index.class.php. | ||||