ByteOS Network

hsycms

Source -

NVD

CNA CVEs -

ADP CVEs -

CISA CVEs -

NVD CVEs -

3Vulnerabilities found

CVE-2023-1349

Assigner-VulDB

View Details

Assigner-VulDB

CVSS Score-3.5||LOW

EPSS-0.07% / 21.48%

7 Day CHG~0.00%

Published-11 Mar, 2023 | 08:05

Updated-02 Aug, 2024 | 05:40

Hsycms Add Category Module cate.php cross site scripting

A vulnerability, which was classified as problematic, has been found in Hsycms 3.1. Affected by this issue is some unknown functionality of the file controller\cate.php of the component Add Category Module. The manipulation of the argument title leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-222842 is the identifier assigned to this vulnerability.

Vendor-hsycms n/a

Product-hsycms Hsycms

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2019-10653

Assigner-MITRE Corporation

View Details

Assigner-MITRE Corporation

CVSS Score-9.8||CRITICAL

EPSS-0.26% / 49.62%

7 Day CHG~0.00%

Published-10 Jul, 2019 | 13:59

Updated-04 Aug, 2024 | 22:32

An issue was discovered in Hsycms V1.1. There is a SQL injection vulnerability via a /news/*.html page.

Vendor-hsycms n/a

Product-hsycms n/a

CWE ID-CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2019-9145

Assigner-MITRE Corporation

View Details

Assigner-MITRE Corporation

CVSS Score-6.1||MEDIUM

EPSS-0.24% / 47.17%

7 Day CHG~0.00%

Published-25 Feb, 2019 | 17:00

Updated-16 Sep, 2024 | 18:23

An issue was discovered in Hsycms V1.1. There is an XSS vulnerability via the name field to the /book page.

Vendor-hsycms n/a

Product-hsycms n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')