Vulnerability CVE-2018-17044


Published: 2018-09-14

Description:
In YzmCMS 5.1, stored XSS exists via the admin/system_manage/user_config_add.html title parameter.

Type:

CWE-79

(Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))

Vendor: Yzmcms
Product: Yzmcms 
Version: 5.1;

CVSS2 => (AV:N/AC:M/Au:S/C:N/I:P/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
3.5/10
2.9/10
6.8/10
Exploit range
Attack complexity
Authentication
Remote
Medium
Single time
Confidentiality impact
Integrity impact
Availability impact
None
Partial
None

 References:
https://github.com/yzmcms/yzmcms/issues/3

Related CVE
CVE-2018-11554
The forgotten-password feature in index.php/member/reset/reset_email.html in YzmCMS v3.2 through v3.7 has a Response Discrepancy Information Exposure issue and an unexpectedly long lifetime for a verification code, which makes it easier for remote at...
CVE-2018-10224
An issue was discovered in YzmCMS 3.8. There is a CSRF vulnerability that can add a tag via /index.php/admin/tag/add.html.
CVE-2018-10223
An issue was discovered in YzmCMS 3.8. There is a CSRF vulnerability that can add an admin account via /index.php/admin/admin_manage/add.html.
CVE-2018-10026
The WeChat module in YzmCMS 3.7.1 has reflected XSS via the admin/module/init.html echostr parameter, related to the valid function in application/wechat/controller/index.class.php.
CVE-2018-8756
Eval injection in yzmphp/core/function/global.func.php in YzmCMS v3.7.1 allows remote attackers to achieve arbitrary code execution via PHP code in the POST data of an index.php?m=member&c=member_content&a=init request.
CVE-2018-8078
YzmCMS 3.7 has Stored XSS via the title parameter to advertisement/adver/edit.html.
CVE-2018-7579
\application\admin\controller\update_urls.class.php in YzmCMS 3.6 has SQL Injection via the catids array parameter to admin/update_urls/update_category_url.html.
CVE-2018-7479
YzmCMS 3.6 allows remote attackers to discover the full path via a direct request to application/install/templates/s1.php.

Copyright 2018, cxsecurity.com

 

Back to Top