Every CVE whose affected-product data names Yuba U5cms, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (7)
CVE-2022-34937 — CVSS 8.8 (high): Yuba u5cms v8.3.5 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component savepage.php. This vulnerability allows…
CVE-2015-1576 — CVSS 7.5 (high): Multiple SQL injection vulnerabilities in u5CMS before 3.9.4 allow remote attackers to execute arbitrary SQL commands via the name…
CVE-2015-1577 — CVSS 6.4 (medium): Directory traversal vulnerability in u5admin/deletefile.php in u5CMS before 3.9.4 allows remote attackers to write to arbitrary files via a…
CVE-2022-32444 — CVSS 6.1 (medium): An issue was discovered in u5cms verion 8.3.5 There is a URL redirection vulnerability that can cause a user's browser to be redirected to…
CVE-2022-32442 — CVSS 6.1 (medium): u5cms version 8.3.5 is vulnerable to Cross Site Scripting (XSS). When a user accesses the default home page if the parameter passed in is…
CVE-2015-1578 — CVSS 5.8 (medium): Multiple open redirect vulnerabilities in u5CMS before 3.9.4 allow remote attackers to redirect users to arbitrary web sites and conduct…
CVE-2015-1575 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in u5CMS before 3.9.4 allow remote attackers to inject arbitrary web script or HTML via…