RSS   Vulnerabilities for 'Xyhcms'   RSS

2018-04-16
 
CVE-2018-10128

CWE-79
 

 
An issue was discovered in XYHCMS 3.5. It has XSS via the test parameter to index.php.

 
 
CVE-2018-10127

CWE-352
 

 
An issue was discovered in XYHCMS 3.5. It has CSRF via an index.php?g=Manage&m=Rbac&a=addUser request, resulting in addition of an account with the administrator role.

 


Copyright 2024, cxsecurity.com

 

Back to Top