cxuucms v3 has a SQL injection vulnerability, which can lead to the leakage of all database data via the keywords parameter via search.php.
7.5CVSS
7.8AI Score
0.04EPSS
6.1CVSS
6.3AI Score
0.001EPSS
6.1CVSS
5.9AI Score
0.001EPSS
CXUUCMS V3 3.1 is affected by a reflected XSS vulnerability that allows remote attackers to inject arbitrary web script or HTML via the imgurl parameter of admin.php?c=content&a=add.
4.8CVSS
4.9AI Score
0.001EPSS
CXUUCMS V3 3.1 has a CSRF vulnerability that can add an administrator account via admin.php?c=adminuser&a=add.
6.5CVSS
6.5AI Score
0.001EPSS
SQL Injection vulnerability in cxuucms 3.1 ivia the pid parameter in public/admin.php.
7.2CVSS
7.4AI Score
0.001EPSS
Multiple Cross Site Scripting (XSS) vulnerabilities exists in CXUUCMS 3.1 in the search and c parameters in (1) public/search.php and in the (2) c parameter in admin.php.
6.1CVSS
6.1AI Score
0.001EPSS
Cross Site Scripting (XSS) vulnerability exists in cxuucms v3 via the imgurl of /feedback/post/ content parameter.
6.1CVSS
6AI Score
0.001EPSS