Vulnerabilities (CVE)

Filtered by vendor Bycms Project Subscribe
Filtered by product Bycms
Total 3 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-18457 1 Bycms Project 1 Bycms 2024-11-21 6.0 MEDIUM 6.8 MEDIUM
Cross Site Request Forgery (CSRF) vulnerability exists in bycms v1.3.0 that can add an admin account via admin.php/ucenter/add.html.
CVE-2020-18455 1 Bycms Project 1 Bycms 2024-11-21 3.5 LOW 4.8 MEDIUM
Cross Site Scripting (XSS) vulnerability exists in bycms v3.0.4 via the title parameter in the edit function in Document.php.
CVE-2020-18454 1 Bycms Project 1 Bycms 2024-11-21 6.0 MEDIUM 6.8 MEDIUM
Cross Site Request Forgery (CSRF) vulnerability in bycms v1.3 via admin.php/systems/index/module_id/70/group_id/1.html.