xyhai.php?s=/Auth/addUser in XYHCMS 3.5 allows CSRF to add a background administrator...
CVSS 8.8 | AI Score 8.5 | EPSS 0.001
CVSS 6.1 | AI Score 5.9 | EPSS 0.001
An issue was discovered in XYHCMS 3.5. It has CSRF via an index.php?g=Manage&m=Rbac&a=addUser request, resulting in addition of an account with the administrator...
CVSS 8.8 | AI Score 8.7 | EPSS 0.001
XYHCMS v3.6 contains a stored cross-site scripting (XSS) vulnerability in the component...
CVSS 5.4 | AI Score 5.2 | EPSS 0.001
A cross-site request forgery (CSRF) vulnerability in the /xyhai.php?s=/Auth/editUser URI of XYHCMS V3.6 allows attackers to edit any information of the administrator such as the name, e-mail, and...
CVSS 4.5 | AI Score 4.7 | EPSS 0.001