Vulnerabilities > Cxuu

DATE CVE VULNERABILITY TITLE RISK
2022-03-29 CVE-2021-42970 Cross-site Scripting vulnerability in Cxuu Cxuucms 3.0
Cross Site Scripting (XSS) vulnerability exists in cxuucms v3 via the imgurl of /feedback/post/ content parameter.
network
cxuu CWE-79
4.3
2021-08-27 CVE-2021-3264 SQL Injection vulnerability in Cxuu Cxuucms 3.1
SQL Injection vulnerability in cxuucms 3.1 ivia the pid parameter in public/admin.php.
network
low complexity
cxuu CWE-89
6.5
2021-08-23 CVE-2021-39599 Cross-site Scripting vulnerability in Cxuu Cxuucms 3.1
Multiple Cross Site Scripting (XSS) vulnerabilities exists in CXUUCMS 3.1 in the search and c parameters in (1) public/search.php and in the (2) c parameter in admin.php.
network
cxuu CWE-79
4.3
2020-12-27 CVE-2020-29250 Cross-site Scripting vulnerability in Cxuu Cxuucms 3.0
CXUUCMS V3 allows XSS via the first and third input fields to /public/admin.php.
network
cxuu CWE-79
4.3
2020-12-27 CVE-2020-29249 Cross-site Scripting vulnerability in Cxuu Cxuucms 3.0
CXUUCMS V3 allows class="layui-input" XSS.
network
cxuu CWE-79
4.3
2020-12-26 CVE-2020-35347 Cross-Site Request Forgery (CSRF) vulnerability in Cxuu Cxuucms 3.1
CXUUCMS V3 3.1 has a CSRF vulnerability that can add an administrator account via admin.php?c=adminuser&a=add.
network
cxuu CWE-352
4.3
2020-12-26 CVE-2020-35346 Cross-site Scripting vulnerability in Cxuu Cxuucms 3.1
CXUUCMS V3 3.1 is affected by a reflected XSS vulnerability that allows remote attackers to inject arbitrary web script or HTML via the imgurl parameter of admin.php?c=content&a=add.
network
cxuu CWE-79
3.5
2020-11-18 CVE-2020-28091 SQL Injection vulnerability in Cxuu Cxuucms 3.0
cxuucms v3 has a SQL injection vulnerability, which can lead to the leakage of all database data via the keywords parameter via search.php.
network
low complexity
cxuu CWE-89
5.0