CXUUCMS
Products
2- 5 CVEs
- 3 CVEs
Recent CVEs
8| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-28091 | Hig | 0.52 | 7.5 | 0.04 | Nov 18, 2020 | cxuucms v3 has a SQL injection vulnerability, which can lead to the leakage of all database data via the keywords parameter via search.php. | ||
| CVE-2021-3264 | Hig | 0.47 | 7.2 | 0.01 | Aug 27, 2021 | SQL Injection vulnerability in cxuucms 3.1 ivia the pid parameter in public/admin.php. | ||
| CVE-2020-35347 | Med | 0.42 | 6.5 | 0.00 | Dec 26, 2020 | CXUUCMS V3 3.1 has a CSRF vulnerability that can add an administrator account via admin.php?c=adminuser&a=add. | ||
| CVE-2021-42970 | Med | 0.40 | 6.1 | 0.01 | Mar 29, 2022 | Cross Site Scripting (XSS) vulnerability exists in cxuucms v3 via the imgurl of /feedback/post/ content parameter. | ||
| CVE-2021-39599 | Med | 0.40 | 6.1 | 0.01 | Aug 23, 2021 | Multiple Cross Site Scripting (XSS) vulnerabilities exists in CXUUCMS 3.1 in the search and c parameters in (1) public/search.php and in the (2) c parameter in admin.php. | ||
| CVE-2020-29250 | Med | 0.40 | 6.1 | 0.01 | Dec 27, 2020 | CXUUCMS V3 allows XSS via the first and third input fields to /public/admin.php. | ||
| CVE-2020-29249 | Med | 0.40 | 6.1 | 0.01 | Dec 27, 2020 | CXUUCMS V3 allows class="layui-input" XSS. | ||
| CVE-2020-35346 | Med | 0.31 | 4.8 | 0.01 | Dec 26, 2020 | CXUUCMS V3 3.1 is affected by a reflected XSS vulnerability that allows remote attackers to inject arbitrary web script or HTML via the imgurl parameter of admin.php?c=content&a=add. |
- risk 0.52cvss 7.5epss 0.04
cxuucms v3 has a SQL injection vulnerability, which can lead to the leakage of all database data via the keywords parameter via search.php.
- risk 0.47cvss 7.2epss 0.01
SQL Injection vulnerability in cxuucms 3.1 ivia the pid parameter in public/admin.php.
- risk 0.42cvss 6.5epss 0.00
CXUUCMS V3 3.1 has a CSRF vulnerability that can add an administrator account via admin.php?c=adminuser&a=add.
- risk 0.40cvss 6.1epss 0.01
Cross Site Scripting (XSS) vulnerability exists in cxuucms v3 via the imgurl of /feedback/post/ content parameter.
- risk 0.40cvss 6.1epss 0.01
Multiple Cross Site Scripting (XSS) vulnerabilities exists in CXUUCMS 3.1 in the search and c parameters in (1) public/search.php and in the (2) c parameter in admin.php.
- risk 0.40cvss 6.1epss 0.01
CXUUCMS V3 allows XSS via the first and third input fields to /public/admin.php.
- risk 0.40cvss 6.1epss 0.01
CXUUCMS V3 allows class="layui-input" XSS.
- risk 0.31cvss 4.8epss 0.01
CXUUCMS V3 3.1 is affected by a reflected XSS vulnerability that allows remote attackers to inject arbitrary web script or HTML via the imgurl parameter of admin.php?c=content&a=add.