cxuu 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
一般的な弱点パターンには vendor risk cross-site scripting、vendor risk sql injection, and vendor risk csrf があり、vendor surface software deployment and vendor surface production workloads の利用場面で vendor impact session compromise and vendor impact data exposure などのリスクが生じる可能性があります。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2021-42970 | Cross Site Scripting (XSS) vulnerability exists in cxuucms v3 via the imgurl of /feedback/post/ content parameter. | [email protected] | 6.1 | 0.23% | 2022-03-29 | 2024-11-21 |
| CVE-2021-3264 | SQL Injection vulnerability in cxuucms 3.1 ivia the pid parameter in public/admin.php. | [email protected] | 7.2 | 0.26% | 2021-08-27 | 2024-11-21 |
| CVE-2021-39599 | Multiple Cross Site Scripting (XSS) vulnerabilities exists in CXUUCMS 3.1 in the search and c parameters in (1) public/search.php and in the (2) c parameter in admin.php. | [email protected] | 6.1 | 0.20% | 2021-08-23 | 2024-11-21 |
| CVE-2020-29250 | CXUUCMS V3 allows XSS via the first and third input fields to /public/admin.php. | [email protected] | 6.1 | 0.24% | 2020-12-27 | 2024-11-21 |
| CVE-2020-29249 | CXUUCMS V3 allows class="layui-input" XSS. | [email protected] | 6.1 | 0.24% | 2020-12-27 | 2024-11-21 |
| CVE-2020-35347 | CXUUCMS V3 3.1 has a CSRF vulnerability that can add an administrator account via admin.php?c=adminuser&a=add. | [email protected] | 6.5 | 0.06% | 2020-12-26 | 2024-11-21 |
| CVE-2020-35346 | CXUUCMS V3 3.1 is affected by a reflected XSS vulnerability that allows remote attackers to inject arbitrary web script or HTML via the imgurl parameter of admin.php?c=content&a=add. | [email protected] | 4.8 | 0.18% | 2020-12-26 | 2024-11-21 |
| CVE-2020-28091 | cxuucms v3 has a SQL injection vulnerability, which can lead to the leakage of all database data via the keywords parameter via search.php. | [email protected] | 7.5 | 6.52% | 2020-11-18 | 2024-11-21 |