bycms_project CVE Vulnerabilities & CVE List (3)

Products (CPE): — CVEs: 3

bycms_project vulnerability overview

Aggregates CVE and security vulnerability intelligence across all bycms_project-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.

Common weakness patterns include vendor risk csrf and vendor risk cross-site scripting, with potential vendor impact session compromise across vendor surface production workloads use cases.

Vulnerability distribution trend (last 24 months)

CVE	Summary	Source	Max CVSS	EPSS %	Published	Updated
CVE-2020-18457	Cross Site Request Forgery (CSRF) vulnerability exists in bycms v1.3.0 that can add an admin account via admin.php/ucenter/add.html.	[email protected]	6.8	0.48%	2021-08-12	2024-11-21
CVE-2020-18455	Cross Site Scripting (XSS) vulnerability exists in bycms v3.0.4 via the title parameter in the edit function in Document.php.	[email protected]	4.8	0.53%	2021-08-12	2024-11-21
CVE-2020-18454	Cross Site Request Forgery (CSRF) vulnerability in bycms v1.3 via admin.php/systems/index/module_id/70/group_id/1.html.	[email protected]	6.8	0.48%	2021-08-12	2024-11-21

cvelogic Threat Intelligence