China Banking and Insurance Information Technology Management Co.

3 exploits Active since Aug 2021
CVE-2020-37222 EXPLOITDB HIGH text WORKING POC
Kuicms Php EE 2.0 Persistent Cross-Site Scripting via bbs reply
Kuicms Php EE 2.0 contains a persistent cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting crafted content through the bbs reply endpoint. Attackers can send POST requests to /web/?c=bbs&a=reply with HTML and JavaScript payloads in the content parameter to execute arbitrary scripts in users' browsers.
CVSS 7.2
CVE-2020-23069 EXPLOITDB MEDIUM text WORKING POC
webTareas 2.0 - Path Traversal via extpath Parameter in general_serv.php
Path Traversal vulneraility exists in webTareas 2.0 via the extpath parameter in general_serv.php, which could let a malicious user read arbitrary files.
CVSS 6.5
CVE-2020-28146 EXPLOITDB MEDIUM text WORKING POC
Eyoucms < 1.4.7 - Cross-Site Scripting via addonfieldext Parameter
Cross Site Scripting (XSS) vulnerability exists in Eyoucms v1.4.7 and earlier via the addonfieldext parameter.
CVSS 6.1