Kuicms Php EE Persistent Cross-Site Scripting Vulnerability

Vulnerability

A persistent cross-site scripting vulnerability has been identified in Kuicms Php EE version 2.0. This vulnerability allows unauthenticated attackers to inject malicious scripts by submitting crafted content through the bbs reply endpoint. Attackers can exploit this issue by sending POST requests to the reply endpoint with HTML and JavaScript payloads in the content parameter, which are then executed in the browsers of users viewing the affected content.

Impact

Exploitation results in persistent cross-site scripting: the injected scripts are stored with the submitted content and executed in the browser context of each user who views it.

Reproduction

To reproduce this vulnerability, send a POST request to the /web/?c=bbs&a=reply endpoint. Include a crafted content parameter with HTML and JavaScript payloads. The injected scripts will be executed in the browsers of users who view the affected content.
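A detection check for the request shape described above, as an added example that is not part of the original advisory or of the Kuicms code base. It assumes requests are captured as (method, target, form-encoded body) tuples; the sample requests, the `id` field, and the markup heuristic are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Heuristic (assumption): tags, inline event handlers, or javascript: URLs
# are not expected in a plain-text forum reply.
MARKUP = re.compile(r"<\s*/?\s*[a-z][^>]*>|\bon[a-z]+\s*=|javascript\s*:", re.I)

def is_reply_endpoint(method, target):
    """True for POST /web/?c=bbs&a=reply, whatever the parameter order."""
    url = urlsplit(target)
    query = parse_qs(url.query)
    return (method.upper() == "POST" and url.path.rstrip("/") == "/web"
            and "bbs" in query.get("c", []) and "reply" in query.get("a", []))

def normalise(value, rounds=3):
    """Undo repeated percent-encoding so double-encoded markup is still seen."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_content(body):
    """Return decoded `content` values that carry HTML or script markup."""
    fields = parse_qs(body, keep_blank_values=True)  # decodes one layer
    values = [normalise(v) for v in fields.get("content", [])]
    return [v for v in values if MARKUP.search(v)]

def scan(requests):
    """Return (index, flagged values) for each suspicious reply submission."""
    hits = []
    for index, (method, target, body) in enumerate(requests):
        if is_reply_endpoint(method, target):
            flagged = suspicious_content(body)
            if flagged:
                hits.append((index, flagged))
    return hits

# Constructed sample requests; `id` is a made-up field name.
SAMPLE = [
    ("POST", "/web/?c=bbs&a=reply", "id=7&content=Thanks+for+the+update"),
    ("POST", "/web/?a=reply&c=bbs",
     "id=7&content=%3Cscript%3E%2F*constructed*%2F%3C%2Fscript%3E"),
    ("POST", "/web/?c=bbs&a=reply", "id=7&content=%253Cimg%2520src%253Dx%253E"),
    ("GET", "/web/?c=bbs&a=reply", ""),
]

if __name__ == "__main__":
    for index, values in scan(SAMPLE):
        print(f"request {index}: markup in content -> {values!r}")
```

The same pattern can be run over already stored replies to find content that needs review; it is a triage aid and does not replace encoding the content when it is rendered.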

Added: May 13, 2026, 6:54 PM
Updated: May 13, 2026, 6:54 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 1.7
exploitability: 7.7
remediation: 0.0
relevance: 8.2
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.