CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2020-37111

60CycleCMS 2.5.2 contains a cross-site scripting (XSS) vulnerability in news.php that allows attackers to inject malicious scripts through GET parameters. Attackers can craft malicious URLs with XSS payloads targeting the 'etsu' and 'ltsu' parameters to execute arbitrary scripts in victim's browsers. This issue does not involve SQL injection.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 8.7%

CVSS Severity

CVSS v3 Score 6.1

References

http://davidvg.com/
https://www.exploit-db.com/exploits/48177
https://www.opensourcecms.com/60cyclecms
https://www.vulncheck.com/advisories/cyclecms-newsphp-cross-site-scripting-xss-vulnerability

Products affected by CVE-2020-37111

Opensourcecms » 60cyclecms » Version: 2.5.2

cpe:2.3:a:opensourcecms:60cyclecms:2.5.2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-37111

Products

Pricing

Contact Us