VYPR
Medium severity4.8NVD Advisory· Published Dec 26, 2020· Updated Jun 17, 2026

CVE-2020-35346

CVE-2020-35346

Description

CXUUCMS V3 3.1 is affected by a reflected XSS vulnerability that allows remote attackers to inject arbitrary web script or HTML via the imgurl parameter of admin.php?c=content&a=add.

Affected products

3
  • CXUUCMS V3/CXUUCMS V3description
  • CXUUCMS/cxuucmsv3llm-create2 versions
    3.1+ 1 more
    • (no CPE)range: 3.1
    • (no CPE)range: 3.1

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.