Aggregates CVE and security vulnerability intelligence across all appcms-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Historical issues mainly involve vendor risk cross-site scripting and vendor risk sql injection and related problems; some flaws may lead to vendor impact data exposure, affecting vendor surface production workloads scenarios.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2021-45380 | AppCMS 2.0.101 has a XSS injection vulnerability in \templates\m\inc_head.php | [email protected] | 6.1 | 2.52% | 2022-01-23 | 2026-06-17 |
| CVE-2020-36007 | AppCMS 2.0.101 in /admin/template/tpl_app.php has a cross site scripting attack vulnerability which allows the attacker to obtain sensitive information of other users. | [email protected] | 6.1 | 0.87% | 2021-06-03 | 2026-06-17 |
| CVE-2020-36006 | AppCMS 2.0.101 in /admin/info.php has an arbitrary file deletion vulnerability which allows attackers to delete arbitrary files on the site. | [email protected] | 6.5 | 1.07% | 2021-06-03 | 2026-06-17 |
| CVE-2020-36005 | AppCMS 2.0.101 in /admin/app.php has an arbitrary file deletion vulnerability which allows attackers to delete arbitrary files on the site. | [email protected] | 6.5 | 1.07% | 2021-06-03 | 2026-06-17 |
| CVE-2020-36004 | AppCMS 2.0.101 in /admin/download_frame.php has a SQL injection vulnerability which allows attackers to obtain sensitive database information. | [email protected] | 6.5 | 0.90% | 2021-06-03 | 2026-06-17 |
| CVE-2019-9595 | AppCMS 2.0.101 allows XSS via the upload/callback.php params parameter. | [email protected] | 6.1 | 0.83% | 2019-03-06 | 2026-06-17 |