Lucene search

Cxuucms Security Vulnerabilities - 2020

cve

CVE-2020-28091

cxuucms v3 has a SQL injection vulnerability, which can lead to the leakage of all database data via the keywords parameter via search.php.

7.5CVSS

7.8AI Score

0.04EPSS

2020-11-18 05:15 PM

cve

CVE-2020-29249

CXUUCMS V3 allows class="layui-input" XSS.

6.1CVSS

6.3AI Score

0.001EPSS

2020-12-27 07:15 AM

cve

CVE-2020-29250

CXUUCMS V3 allows XSS via the first and third input fields to /public/admin.php.

6.1CVSS

5.9AI Score

0.001EPSS

2020-12-27 07:15 AM

cve

CVE-2020-35346

CXUUCMS V3 3.1 is affected by a reflected XSS vulnerability that allows remote attackers to inject arbitrary web script or HTML via the imgurl parameter of admin.php?c=content&a=add.

4.8CVSS

4.9AI Score

0.001EPSS

2020-12-26 04:15 AM

cve

CVE-2020-35347

CXUUCMS V3 3.1 has a CSRF vulnerability that can add an administrator account via admin.php?c=adminuser&a=add.

6.5CVSS

6.5AI Score

0.001EPSS

2020-12-26 04:15 AM