VYPR
Vendor

CXUUCMS

Products
2
CVEs
8
Across products
8
Status
Private

Products

2

Recent CVEs

8
  • CVE-2020-28091HigNov 18, 2020
    risk 0.52cvss 7.5epss 0.04

    cxuucms v3 has a SQL injection vulnerability, which can lead to the leakage of all database data via the keywords parameter via search.php.

  • CVE-2021-3264HigAug 27, 2021
    risk 0.47cvss 7.2epss 0.01

    SQL Injection vulnerability in cxuucms 3.1 ivia the pid parameter in public/admin.php.

  • CVE-2020-35347MedDec 26, 2020
    risk 0.42cvss 6.5epss 0.00

    CXUUCMS V3 3.1 has a CSRF vulnerability that can add an administrator account via admin.php?c=adminuser&a=add.

  • CVE-2021-42970MedMar 29, 2022
    risk 0.40cvss 6.1epss 0.01

    Cross Site Scripting (XSS) vulnerability exists in cxuucms v3 via the imgurl of /feedback/post/ content parameter.

  • CVE-2021-39599MedAug 23, 2021
    risk 0.40cvss 6.1epss 0.01

    Multiple Cross Site Scripting (XSS) vulnerabilities exists in CXUUCMS 3.1 in the search and c parameters in (1) public/search.php and in the (2) c parameter in admin.php.

  • CVE-2020-29250MedDec 27, 2020
    risk 0.40cvss 6.1epss 0.01

    CXUUCMS V3 allows XSS via the first and third input fields to /public/admin.php.

  • CVE-2020-29249MedDec 27, 2020
    risk 0.40cvss 6.1epss 0.01

    CXUUCMS V3 allows class="layui-input" XSS.

  • CVE-2020-35346MedDec 26, 2020
    risk 0.31cvss 4.8epss 0.01

    CXUUCMS V3 3.1 is affected by a reflected XSS vulnerability that allows remote attackers to inject arbitrary web script or HTML via the imgurl parameter of admin.php?c=content&a=add.