Vulnerabilities > Cxuu > Cxuucms > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-03-29 | CVE-2021-42970 | Cross-site Scripting vulnerability in Cxuu Cxuucms 3.0 Cross Site Scripting (XSS) vulnerability exists in cxuucms v3 via the imgurl of /feedback/post/ content parameter. | 6.1 |
| 2021-08-23 | CVE-2021-39599 | Cross-site Scripting vulnerability in Cxuu Cxuucms 3.1 Multiple Cross Site Scripting (XSS) vulnerabilities exists in CXUUCMS 3.1 in the search and c parameters in (1) public/search.php and in the (2) c parameter in admin.php. | 6.1 |
| 2020-12-27 | CVE-2020-29250 | Cross-site Scripting vulnerability in Cxuu Cxuucms 3.0 CXUUCMS V3 allows XSS via the first and third input fields to /public/admin.php. | 6.1 |
| 2020-12-27 | CVE-2020-29249 | Cross-site Scripting vulnerability in Cxuu Cxuucms 3.0 CXUUCMS V3 allows class="layui-input" XSS. | 6.1 |
| 2020-12-26 | CVE-2020-35347 | Cross-Site Request Forgery (CSRF) vulnerability in Cxuu Cxuucms 3.1 CXUUCMS V3 3.1 has a CSRF vulnerability that can add an administrator account via admin.php?c=adminuser&a=add. | 6.5 |
| 2020-12-26 | CVE-2020-35346 | Cross-site Scripting vulnerability in Cxuu Cxuucms 3.1 CXUUCMS V3 3.1 is affected by a reflected XSS vulnerability that allows remote attackers to inject arbitrary web script or HTML via the imgurl parameter of admin.php?c=content&a=add. | 4.8 |