Total
8 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-42970 | 1 Cxuu | 1 Cxuucms | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross Site Scripting (XSS) vulnerability exists in cxuucms v3 via the imgurl of /feedback/post/ content parameter. | |||||
| CVE-2021-3264 | 1 Cxuu | 1 Cxuucms | 2023-12-10 | 6.5 MEDIUM | 7.2 HIGH |
| SQL Injection vulnerability in cxuucms 3.1 ivia the pid parameter in public/admin.php. | |||||
| CVE-2021-39599 | 1 Cxuu | 1 Cxuucms | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple Cross Site Scripting (XSS) vulnerabilities exists in CXUUCMS 3.1 in the search and c parameters in (1) public/search.php and in the (2) c parameter in admin.php. | |||||
| CVE-2020-29249 | 1 Cxuu | 1 Cxuucms | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| CXUUCMS V3 allows class="layui-input" XSS. | |||||
| CVE-2020-28091 | 1 Cxuu | 1 Cxuucms | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| cxuucms v3 has a SQL injection vulnerability, which can lead to the leakage of all database data via the keywords parameter via search.php. | |||||
| CVE-2020-35346 | 1 Cxuu | 1 Cxuucms | 2023-12-10 | 3.5 LOW | 4.8 MEDIUM |
| CXUUCMS V3 3.1 is affected by a reflected XSS vulnerability that allows remote attackers to inject arbitrary web script or HTML via the imgurl parameter of admin.php?c=content&a=add. | |||||
| CVE-2020-35347 | 1 Cxuu | 1 Cxuucms | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
| CXUUCMS V3 3.1 has a CSRF vulnerability that can add an administrator account via admin.php?c=adminuser&a=add. | |||||
| CVE-2020-29250 | 1 Cxuu | 1 Cxuucms | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| CXUUCMS V3 allows XSS via the first and third input fields to /public/admin.php. | |||||