RSS   Vulnerabilities for 'Bycms'   RSS

2021-08-12
 
CVE-2020-18454

CWE-352
 

 
Cross Site Request Forgery (CSRF) vulnerability in bycms v1.3 via admin.php/systems/index/module_id/70/group_id/1.html.

 
 
CVE-2020-18455

CWE-79
 

 
Cross Site Scripting (XSS) vulnerability exists in bycms v3.0.4 via the title parameter in the edit function in Document.php.

 
 
CVE-2020-18457

CWE-352
 

 
Cross Site Request Forgery (CSRF) vulnerability exists in bycms v1.3.0 that can add an admin account via admin.php/ucenter/add.html.

 


Copyright 2024, cxsecurity.com

 

Back to Top