Vulnerabilities > Duxcms Project
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-07-31 | CVE-2020-36763 | Cross-site Scripting vulnerability in Duxcms Project Duxcms 2.1 Cross Site Scripting (XSS) vulnerability in DuxCMS 2.1 allows remote attackers to run arbitrary code via the content, time, copyfrom parameters when adding or editing a post. | 5.4 |
| 2023-07-31 | CVE-2020-21881 | Cross-Site Request Forgery (CSRF) vulnerability in Duxcms Project Duxcms 2.1 Cross Site Request Forgery (CSRF) vulnerability in admin.php in DuxCMS 2.1 allows remote attackers to modtify application data via article/admin/content/add. | 6.5 |
| 2023-07-06 | CVE-2020-21861 | Unrestricted Upload of File with Dangerous Type vulnerability in Duxcms Project Duxcms 2.1 File upload vulnerability in DuxCMS 2.1 allows attackers to execute arbitrary php code via duxcms/AdminUpload/upload. | 8.8 |
| 2023-07-06 | CVE-2020-21862 | Path Traversal vulnerability in Duxcms Project Duxcms 2.1 Directory traversal vulnerability in DuxCMS 2.1 allows attackers to delete arbitrary files via /admin/AdminBackup/del. | 8.1 |
| 2022-12-08 | CVE-2020-36609 | Improper Enforcement of Message or Data Structure vulnerability in Duxcms Project Duxcms 2.1 A vulnerability was found in annyshow DuxCMS 2.1. | 5.4 |
| 2022-12-08 | CVE-2020-36610 | Incorrect Authorization vulnerability in Duxcms Project Duxcms 2.1 A vulnerability was found in annyshow DuxCMS 2.1. | 8.0 |
| 2022-02-16 | CVE-2021-3242 | SQL Injection vulnerability in Duxcms Project Duxcms 3.1.3 DuxCMS v3.1.3 was discovered to contain a SQL injection vulnerability via the component s/tools/SendTpl/index?keyword=. | 9.8 |