CVE-2021-36654

MEDIUM

Cmsuno - XSS

Title source: rule

Description

CMSuno 1.7 is vulnerable to an authenticated stored cross site scripting in modifying the filename parameter (tgo) while updating the theme.

Exploits (1)

exploitdb WRITEUP
by splint3rsec · textwebappsphp
https://www.exploit-db.com/exploits/50179

References (2)

Scores

CVSS v3 5.4
EPSS 0.0260
EPSS Percentile 85.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (1)
cmsuno_project/cmsuno 1.7
Published Aug 03, 2021
Tracked Since Feb 18, 2026