cbcvebase.

Cxuu Cxuucms vulnerabilities

7 known vulnerabilities affecting cxuu/cxuucms.

Total CVEs
7
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
HIGH2MEDIUM5

Vulnerabilities

Page 1 of 1
CVE-2020-28091P3HIGHCVSS 7.5PoCv3.02020-11-18
CVE-2020-28091 [HIGH] CWE-89 CVE-2020-28091: cxuucms v3 has a SQL injection vulnerability, which can lead to the leakage of all database data via cxuucms v3 has a SQL injection vulnerability, which can lead to the leakage of all database data via the keywords parameter via search.php.
nvd
CVE-2021-3264P3HIGHCVSS 7.2v3.12021-08-27
CVE-2021-3264 [HIGH] CWE-89 CVE-2021-3264: SQL Injection vulnerability in cxuucms 3.1 ivia the pid parameter in public/admin.php. SQL Injection vulnerability in cxuucms 3.1 ivia the pid parameter in public/admin.php.
nvd
CVE-2020-35347P4MEDIUMCVSS 6.5v3.12020-12-26
CVE-2020-35347 [MEDIUM] CWE-352 CVE-2020-35347: CXUUCMS V3 3.1 has a CSRF vulnerability that can add an administrator account via admin.php?c=adminu CXUUCMS V3 3.1 has a CSRF vulnerability that can add an administrator account via admin.php?c=adminuser&a=add.
nvd
CVE-2020-29250P4MEDIUMCVSS 6.1v3.02020-12-27
CVE-2020-29250 [MEDIUM] CWE-79 CVE-2020-29250: CXUUCMS V3 allows XSS via the first and third input fields to /public/admin.php. CXUUCMS V3 allows XSS via the first and third input fields to /public/admin.php.
nvd
CVE-2021-42970P4MEDIUMCVSS 6.1v3.02022-03-29
CVE-2021-42970 [MEDIUM] CWE-79 CVE-2021-42970: Cross Site Scripting (XSS) vulnerability exists in cxuucms v3 via the imgurl of /feedback/post/ cont Cross Site Scripting (XSS) vulnerability exists in cxuucms v3 via the imgurl of /feedback/post/ content parameter.
nvd
CVE-2021-39599P4MEDIUMCVSS 6.1v3.12021-08-23
CVE-2021-39599 [MEDIUM] CWE-79 CVE-2021-39599: Multiple Cross Site Scripting (XSS) vulnerabilities exists in CXUUCMS 3.1 in the search and c parame Multiple Cross Site Scripting (XSS) vulnerabilities exists in CXUUCMS 3.1 in the search and c parameters in (1) public/search.php and in the (2) c parameter in admin.php.
nvd
CVE-2020-35346P4MEDIUMCVSS 4.8v3.12020-12-26
CVE-2020-35346 [MEDIUM] CWE-79 CVE-2020-35346: CXUUCMS V3 3.1 is affected by a reflected XSS vulnerability that allows remote attackers to inject a CXUUCMS V3 3.1 is affected by a reflected XSS vulnerability that allows remote attackers to inject arbitrary web script or HTML via the imgurl parameter of admin.php?c=content&a=add.
nvd
Cxuu Cxuucms vulnerabilities | cvebase