Yzncms

Yzncms

4 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.4

CVE-2025-25791

Exploit
  • EPSS 0.02%
  • Published 26.02.2025 15:15:27
  • Last modified 07.04.2025 18:52:59

An arbitrary file upload vulnerability in the plugin installation feature of YZNCMS v2.0.1 allows attackers to execute arbitrary code via uploading a crafted Zip file.

5.4

CVE-2024-42939

Exploit
  • EPSS 0.16%
  • Published 21.08.2024 05:15:14
  • Last modified 31.08.2024 02:58:34

A cross-site scripting (XSS) vulnerability in the component /index/index.html of YZNCMS v1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the configured remarks text field.

6.1

CVE-2023-43233

  • EPSS 0.2%
  • Published 27.09.2023 23:15:12
  • Last modified 21.11.2024 08:23:51

A stored cross-site scripting (XSS) vulnerability in the cms/content/edit component of YZNCMS v1.3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the title parameter.

6.5

CVE-2023-37131

Exploit
  • EPSS 0.05%
  • Published 06.07.2023 15:15:16
  • Last modified 21.11.2024 08:11:03

A Cross-Site Request Forgery (CSRF) in the component /public/admin/profile/update.html of YznCMS v1.1.0 allows attackers to arbitrarily change the Administrator password via a crafted POST request.