Skip to main content

Xyhcms

4 CVEs product

Monthly

CVE-2020-20586 MEDIUM POC This Month

A cross site request forgery (CSRF) vulnerability in the /xyhai.php?s=/Auth/editUser URI of XYHCMS V3.6 allows attackers to edit any information of the administrator such as the name, e-mail, and. Rated medium severity (CVSS 4.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Xyhcms
NVD GitHub VulDB
CVSS 3.1
4.5
EPSS
0.5%
CVE-2018-14583 HIGH POC This Week

xyhai.php?s=/Auth/addUser in XYHCMS 3.5 allows CSRF to add a background administrator account. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Xyhcms
NVD GitHub
CVSS 3.0
8.8
EPSS
0.5%
CVE-2018-10128 MEDIUM This Month

An issue was discovered in XYHCMS 3.5. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS PHP Xyhcms
NVD GitHub
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-10127 HIGH This Week

An issue was discovered in XYHCMS 3.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF PHP Xyhcms
NVD GitHub
CVSS 3.0
8.8
EPSS
0.5%
EPSS 1% CVSS 4.5
MEDIUM POC This Month

A cross site request forgery (CSRF) vulnerability in the /xyhai.php?s=/Auth/editUser URI of XYHCMS V3.6 allows attackers to edit any information of the administrator such as the name, e-mail, and. Rated medium severity (CVSS 4.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Xyhcms
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

xyhai.php?s=/Auth/addUser in XYHCMS 3.5 allows CSRF to add a background administrator account. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Xyhcms
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM This Month

An issue was discovered in XYHCMS 3.5. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS PHP Xyhcms
NVD GitHub
EPSS 0% CVSS 8.8
HIGH This Week

An issue was discovered in XYHCMS 3.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF PHP Xyhcms
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy