Unrated severityNVD Advisory· Published Feb 3, 2026· Updated Mar 5, 2026
60CycleCMS 2.5.2 - 'news.php' Cross-site Scripting (XSS) Vulnerability
CVE-2020-37111
Description
60CycleCMS 2.5.2 contains a cross-site scripting (XSS) vulnerability in news.php that allows attackers to inject malicious scripts through GET parameters. Attackers can craft malicious URLs with XSS payloads targeting the 'etsu' and 'ltsu' parameters to execute arbitrary scripts in victim's browsers. This issue does not involve SQL injection.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: = 2.5.2
- Davidvg/60CycleCMSv5Range: 2.5.2
Patches
Vulnerability mechanics
References
4- www.exploit-db.com/exploits/48177mitreexploit
- www.vulncheck.com/advisories/cyclecms-newsphp-cross-site-scripting-xss-vulnerabilitymitrethird-party-advisory
- davidvg.commitreproduct
- www.opensourcecms.com/60cyclecmsmitreproduct
News mentions
0No linked articles in our index yet.