Vulnerability Description
Kuicms Php EE 2.0 contains a persistent cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting crafted content through the bbs reply endpoint. Attackers can send POST requests to /web/?c=bbs&a=reply with HTML and JavaScript payloads in the content parameter to execute arbitrary scripts in users' browsers.
CVSS Score
HIGH
Related Weaknesses (CWE)
References
- https://kuicms.com
- https://kuicms.com/kuicms.zip
- https://www.exploit-db.com/exploits/48526
- https://www.vulncheck.com/advisories/kuicms-php-ee-persistent-cross-site-scripti
FAQ
What is CVE-2020-37222?
CVE-2020-37222 is a vulnerability with a CVSS score of 7.2 (HIGH). Kuicms Php EE 2.0 contains a persistent cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting crafted content through the bbs reply endpoin...
How severe is CVE-2020-37222?
CVE-2020-37222 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-37222?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.