Vulnerabilities for 'Hycms-j1'

2021-01-22
 
CVE-2021-22849

CWE-79
 

 
Hyweb HyCMS-J1's backend editing function does not filter special characters. Logged-in users can inject JavaScript to perform a stored cross-site scripting (stored XSS) attack.

 
 
CVE-2021-22847

CWE-89
 

 
Hyweb HyCMS-J1's API fails to filter POST request parameters. Remote attackers can inject SQL syntax and execute commands without privileges.

 


Copyright 2024, cxsecurity.com

 
