Skip to main content

Cxuucms

7 CVEs product

Monthly

CVE-2021-3264 HIGH POC This Week

SQL Injection vulnerability in cxuucms 3.1 ivia the pid parameter in public/admin.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Cxuucms
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2021-39599 MEDIUM POC This Month

Multiple Cross Site Scripting (XSS) vulnerabilities exists in CXUUCMS 3.1 in the search and c parameters in (1) public/search.php and in the (2) c parameter in admin.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Cxuucms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2020-29250 MEDIUM POC This Month

CXUUCMS V3 allows XSS via the first and third input fields to /public/admin.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Cxuucms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-29249 MEDIUM POC This Month

CXUUCMS V3 allows class="layui-input" XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Cxuucms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-35347 MEDIUM POC This Month

CXUUCMS V3 3.1 has a CSRF vulnerability that can add an administrator account via admin.php?c=adminuser&a=add. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Cxuucms
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2020-35346 MEDIUM POC This Month

CXUUCMS V3 3.1 is affected by a reflected XSS vulnerability that allows remote attackers to inject arbitrary web script or HTML via the imgurl parameter of admin.php?c=content&a=add. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Cxuucms
NVD GitHub
CVSS 3.1
4.8
EPSS
0.7%
CVE-2020-28091 HIGH POC This Week

cxuucms v3 has a SQL injection vulnerability, which can lead to the leakage of all database data via the keywords parameter via search.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Cxuucms
NVD GitHub Exploit-DB
CVSS 3.1
7.5
EPSS
3.8%
EPSS 1% CVSS 7.2
HIGH POC This Week

SQL Injection vulnerability in cxuucms 3.1 ivia the pid parameter in public/admin.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Cxuucms
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM POC This Month

Multiple Cross Site Scripting (XSS) vulnerabilities exists in CXUUCMS 3.1 in the search and c parameters in (1) public/search.php and in the (2) c parameter in admin.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Cxuucms
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM POC This Month

CXUUCMS V3 allows XSS via the first and third input fields to /public/admin.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Cxuucms
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM POC This Month

CXUUCMS V3 allows class="layui-input" XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Cxuucms
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM POC This Month

CXUUCMS V3 3.1 has a CSRF vulnerability that can add an administrator account via admin.php?c=adminuser&a=add. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Cxuucms
NVD GitHub
EPSS 1% CVSS 4.8
MEDIUM POC This Month

CXUUCMS V3 3.1 is affected by a reflected XSS vulnerability that allows remote attackers to inject arbitrary web script or HTML via the imgurl parameter of admin.php?c=content&a=add. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Cxuucms
NVD GitHub
EPSS 4% CVSS 7.5
HIGH POC This Week

cxuucms v3 has a SQL injection vulnerability, which can lead to the leakage of all database data via the keywords parameter via search.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Cxuucms
NVD GitHub Exploit-DB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy