← back
CVE-2020-37222

Kuicms Php EE 2.0 Persistent Cross-Site Scripting via bbs reply

CVSS 5.1 MEDIUMEPSS 0.3%CWE-79
Kuicms Php EE 2.0 contains a persistent cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting crafted content through the bbs reply endpoint. Attackers can send POST requests to /web/?c=bbs&a=reply with HTML and JavaScript payloads in the content parameter to execute arbitrary scripts in users' browsers.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
Affected products
Kuicms · Kuicms Php EE
public PoCs found1
cve_referencewww.exploit-db.com/exploits/48526unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://kuicms.comhttps://kuicms.com/kuicms.ziphttps://www.exploit-db.com/exploits/48526https://www.vulncheck.com/advisories/kuicms-php-ee-persistent-cross-site-scripting-via-bbs-reply