RSS   Vulnerabilities for 'Cxuucms'   RSS

2022-03-29
 
CVE-2021-42970

CWE-79
 

 
Cross Site Scripting (XSS) vulnerability exists in cxuucms v3 via the imgurl of /feedback/post/ content parameter.

 
2021-08-27
 
CVE-2021-3264

CWE-89
 

 
SQL Injection vulnerability in cxuucms 3.1 ivia the pid parameter in public/admin.php.

 
2021-08-23
 
CVE-2021-39599

CWE-79
 

 
Multiple Cross Site Scripting (XSS) vulnerabilities exists in CXUUCMS 3.1 in the search and c parameters in (1) public/search.php and in the (2) c parameter in admin.php.

 
2020-12-27
 
CVE-2020-29250

CWE-79
 

 
CXUUCMS V3 allows XSS via the first and third input fields to /public/admin.php.

 
 
CVE-2020-29249

CWE-79
 

 
CXUUCMS V3 allows class="layui-input" XSS.

 
2020-12-26
 
CVE-2020-35347

CWE-352
 

 
CXUUCMS V3 3.1 has a CSRF vulnerability that can add an administrator account via admin.php?c=adminuser&a=add.

 
 
CVE-2020-35346

CWE-79
 

 
CXUUCMS V3 3.1 is affected by a reflected XSS vulnerability that allows remote attackers to inject arbitrary web script or HTML via the imgurl parameter of admin.php?c=content&a=add.

 


Copyright 2024, cxsecurity.com

 

Back to Top