CVE-2020-37222
EUVD-2020-3122313.05.2026, 16:16
Kuicms Php EE 2.0 contains a persistent cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting crafted content through the bbs reply endpoint. Attackers can send POST requests to /web/?c=bbs&a=reply with HTML and JavaScript payloads in the content parameter to execute arbitrary scripts in users' browsers.
Awaiting analysis
This vulnerability is currently awaiting analysis.