Vulnerabilities (CVE)

Filtered by vendor Yzncms Subscribe
Filtered by product Yzncms
Total 3 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-43233 1 Yzncms 1 Yzncms 2024-11-21 N/A 6.1 MEDIUM
A stored cross-site scripting (XSS) vulnerability in the cms/content/edit component of YZNCMS v1.3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the title parameter.
CVE-2023-37131 1 Yzncms 1 Yzncms 2024-11-21 N/A 6.5 MEDIUM
A Cross-Site Request Forgery (CSRF) in the component /public/admin/profile/update.html of YznCMS v1.1.0 allows attackers to arbitrarily change the Administrator password via a crafted POST request.
CVE-2024-42939 1 Yzncms 1 Yzncms 2024-08-31 N/A 5.4 MEDIUM
A cross-site scripting (XSS) vulnerability in the component /index/index.html of YZNCMS v1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the configured remarks text field.