Skip to main content

Easycms

8 CVEs product

Monthly

CVE-2019-6294 HIGH POC This Week

An issue was discovered in EasyCMS 1.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Easycms
NVD GitHub
CVSS 3.0
8.8
EPSS
0.5%
CVE-2018-17113 MEDIUM POC This Month

App/Modules/Admin/Tpl/default/Public/dwz/uploadify/scripts/uploadify.swf in EasyCMS 1.5 has XSS via the uploadifyID or movieName parameter, a related issue to CVE-2018-9173. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Easycms
NVD GitHub
CVSS 3.0
6.1
EPSS
0.6%
CVE-2018-16773 MEDIUM POC This Month

EasyCMS 1.5 allows XSS via the index.php?s=/admin/fields/update/navTabId/listfields/callbackType/closeCurrent content field. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Easycms
NVD GitHub
CVSS 3.0
4.8
EPSS
0.5%
CVE-2018-16759 MEDIUM POC This Month

The removeXSS function in App/Common/common.php (called from App/Modules/Index/Action/SearchAction.class.php) in EasyCMS v1.4 allows XSS via an onhashchange event. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Easycms
NVD GitHub
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-16345 HIGH POC This Week

An issue was discovered in EasyCMS 1.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Easycms
NVD GitHub
CVSS 3.0
8.8
EPSS
0.5%
CVE-2018-12971 MEDIUM POC This Month

EasyCMS 1.3 has CSRF via the index.php?s=/admin/user/delAll URI to delete users. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Easycms
NVD GitHub
CVSS 3.0
6.5
EPSS
0.4%
CVE-2018-10527 MEDIUM POC This Month

EasyCMS 1.3 is prone to Stored XSS when posting an article; four fields are affected: title, keyword, abstract, and content, as demonstrated by the /admin/index/index.html#listarticle URI. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Easycms
NVD GitHub
CVSS 3.0
5.4
EPSS
0.5%
CVE-2018-10374 MEDIUM POC This Month

EasyCMS 1.3 has XSS via the s POST parameter (aka a search box value) in an index.php?s=/index/search/index.html request. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Easycms
NVD GitHub
CVSS 3.0
6.1
EPSS
0.7%
EPSS 1% CVSS 8.8
HIGH POC This Week

An issue was discovered in EasyCMS 1.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Easycms
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM POC This Month

App/Modules/Admin/Tpl/default/Public/dwz/uploadify/scripts/uploadify.swf in EasyCMS 1.5 has XSS via the uploadifyID or movieName parameter, a related issue to CVE-2018-9173. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Easycms
NVD GitHub
EPSS 1% CVSS 4.8
MEDIUM POC This Month

EasyCMS 1.5 allows XSS via the index.php?s=/admin/fields/update/navTabId/listfields/callbackType/closeCurrent content field. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Easycms
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM POC This Month

The removeXSS function in App/Common/common.php (called from App/Modules/Index/Action/SearchAction.class.php) in EasyCMS v1.4 allows XSS via an onhashchange event. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Easycms
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

An issue was discovered in EasyCMS 1.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Easycms
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM POC This Month

EasyCMS 1.3 has CSRF via the index.php?s=/admin/user/delAll URI to delete users. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Easycms
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC This Month

EasyCMS 1.3 is prone to Stored XSS when posting an article; four fields are affected: title, keyword, abstract, and content, as demonstrated by the /admin/index/index.html#listarticle URI. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Easycms
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM POC This Month

EasyCMS 1.3 has XSS via the s POST parameter (aka a search box value) in an index.php?s=/index/search/index.html request. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Easycms
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy