CVE-2020-37222 MEDIUM

CVE-2020-37222: Kuicms Php EE 2.0 Persistent Cross-Site Scripting via bbs reply

Vendor Kuicms

Product Kuicms Php EE

Weakness CWE-79 · XSS

Published May 13, 2026

Last update May 24, 2026

View on NVD All CVEs

CVSS base score

5.1/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction —

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

What the vulnerability does

Description

Kuicms Php EE 2.0 contains a persistent cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting crafted content through the bbs reply endpoint. Attackers can send POST requests to /web/?c=bbs&a=reply with HTML and JavaScript payloads in the content parameter to execute arbitrary scripts in users' browsers.

Key dates

Disclosure timeline

May 13, 2026 CVE published

May 24, 2026 Record updated