CNNVD-202602-380 Information

CNNVD ID

CNNVD-202602-380

Related CVE

CVE-2020-37111

• CNNVD Published: 2026-02-03

Description (Chinese)

60CycleCMS是60CycleCMS开源的一个内容管理系统。 60CycleCMS 2.5.2版本存在跨站脚本漏洞，该漏洞源于news.php文件中的etsu和ltsu参数存在跨站脚本，可能导致攻击者在受害者浏览器中执行任意脚本。

Description (English)

CycleCMS is an open-source content management system for 60 CycleCMS. 60 CycleCMS version 2.5.2 has a cross-site script loophole, which stems from the presence of cross-site scripts of the tsu and ltsu parameters in the news.php file, which may lead to any script being executed by the assailant in the victim browser.

Hazard Level

High

Vulnerability Type

跨站脚本

Affected Vendor

60CycleCMS

Published

2026-02-03

Last Modified

2026-02-24

References

http://davidvg.com/ https://www.exploit-db.com/exploits/48177 https://www.opensourcecms.com/60cyclecms https://www.vulncheck.com/advisories/cyclecms-newsphp-cross-site-scripting-xss-vulnerability