Cxuucms Security Vulnerabilities and Issues — Cxuucms CVE List

Lucene search

CxuuCxuucms

8 matches found

CVE•added 2020/12/26 4:15 a.m.•80 views

CVE-2020-35347

CXUUCMS V3 3.1 has a CSRF vulnerability that can add an administrator account via admin.php?c=adminuser&a=add.

6.5CVSS6.5AI score0.00117EPSS

CVE•added 2020/12/26 4:15 a.m.•75 views

CVE-2020-35346

CXUUCMS V3 3.1 is affected by a reflected XSS vulnerability that allows remote attackers to inject arbitrary web script or HTML via the imgurl parameter of admin.php?c=content&a=add.

4.8CVSS4.9AI score0.00176EPSS

CVE•added 2020/12/27 7:15 a.m.•67 views

CVE-2020-29249

CXUUCMS V3 allows class="layui-input" XSS.

6.1CVSS6.3AI score0.0024EPSS

CVE•added 2020/12/27 7:15 a.m.•66 views

CVE-2020-29250

CXUUCMS V3 allows XSS via the first and third input fields to /public/admin.php.

6.1CVSS5.9AI score0.0024EPSS

CVE•added 2020/11/18 5:15 p.m.•52 views

CVE-2020-28091

cxuucms v3 has a SQL injection vulnerability, which can lead to the leakage of all database data via the keywords parameter via search.php.

7.5CVSS7.8AI score0.03584EPSS

CVE•added 2022/03/29 6:15 p.m.•50 views

CVE-2021-42970

Cross Site Scripting (XSS) vulnerability exists in cxuucms v3 via the imgurl of /feedback/post/ content parameter.

6.1CVSS6AI score0.00228EPSS

CVE•added 2021/08/27 7:15 p.m.•34 views

CVE-2021-3264

SQL Injection vulnerability in cxuucms 3.1 ivia the pid parameter in public/admin.php.

7.2CVSS7.4AI score0.00255EPSS

CVE•added 2021/08/23 11:15 p.m.•32 views

CVE-2021-39599

Multiple Cross Site Scripting (XSS) vulnerabilities exists in CXUUCMS 3.1 in the search and c parameters in (1) public/search.php and in the (2) c parameter in admin.php.

6.1CVSS6.1AI score0.00201EPSS