TeamEasy/EasyCMS

TeamEasy/EasyCMS

easycms.chenjie.info

Releases7

Frequency6 months 2 days

Last Release over 6 years ago

Stars103

cms by thinkphp3.1.3+dwz+bootstrap

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2019-6294 ↗	Jan 15, 2019Tuesday, 15 January 2019, 14:29	—	6.8 MEDIUM
An issue was discovered in EasyCMS 1.5. There is CSRF via the index.php?s=/admin/articlem/insert/navTabId/listarticle/callbackType/closeCurrent URI.
CVE-2018-17113 ↗	Sep 17, 2018Monday, 17 September 2018, 04:29	—	4.3 MEDIUM
App/Modules/Admin/Tpl/default/Public/dwz/uploadify/scripts/uploadify.swf in EasyCMS 1.5 has XSS via the uploadifyID or movieName parameter, a related issue to CVE-2018-9173.
CVE-2018-16773 ↗	Sep 10, 2018Monday, 10 September 2018, 04:29	—	3.5 LOW
EasyCMS 1.5 allows XSS via the index.php?s=/admin/fields/update/navTabId/listfields/callbackType/closeCurrent content field.
CVE-2018-16759 ↗	Sep 9, 2018Sunday, 9 September 2018, 21:29	—	4.3 MEDIUM
The removeXSS function in App/Common/common.php (called from App/Modules/Index/Action/SearchAction.class.php) in EasyCMS v1.4 allows XSS via an onhashchange event.
CVE-2018-16345 ↗	Sep 2, 2018Sunday, 2 September 2018, 18:29	—	6.8 MEDIUM
An issue was discovered in EasyCMS 1.5. There is a CSRF vulnerability that can update the admin password via index.php?s=/admin/rbacuser/update/navTabId/listusers/callbackType/closeCurrent.
CVE-2018-12971 ↗	Jun 29, 2018Friday, 29 June 2018, 05:29	—	5.8 MEDIUM
EasyCMS 1.3 has CSRF via the index.php?s=/admin/user/delAll URI to delete users.
CVE-2018-10527 ↗	Apr 28, 2018Saturday, 28 April 2018, 16:29	—	3.5 LOW
EasyCMS 1.3 is prone to Stored XSS when posting an article; four fields are affected: title, keyword, abstract, and content, as demonstrated by the /admin/index/index.html#listarticle URI.
CVE-2018-10374 ↗	Apr 25, 2018Wednesday, 25 April 2018, 09:29	—	4.3 MEDIUM
EasyCMS 1.3 has XSS via the s POST parameter (aka a search box value) in an index.php?s=/index/search/index.html request.