Vulnerabilities (CVE)

Filtered by vendor Duxcms Project Subscribe

Filtered by product Duxcms

CVSS v3 Filter

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 3 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2020-21881	1 Duxcms Project	1 Duxcms	2023-08-04	N/A	6.5 MEDIUM
Cross Site Request Forgery (CSRF) vulnerability in admin.php in DuxCMS 2.1 allows remote attackers to modtify application data via article/admin/content/add.
CVE-2020-36763	1 Duxcms Project	1 Duxcms	2023-08-04	N/A	5.4 MEDIUM
Cross Site Scripting (XSS) vulnerability in DuxCMS 2.1 allows remote attackers to run arbitrary code via the content, time, copyfrom parameters when adding or editing a post.
CVE-2021-3242	1 Duxcms Project	1 Duxcms	2022-02-24	7.5 HIGH	9.8 CRITICAL
DuxCMS v3.1.3 was discovered to contain a SQL injection vulnerability via the component s/tools/SendTpl/index?keyword=.