{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cve-2020-37222/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":7.2,"id":"CVE-2020-37222"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Kuicms Php EE"],"_cs_severities":["medium"],"_cs_tags":["xss","cve-2020-37222","kuicms"],"_cs_type":"threat","_cs_vendors":["Kuicms"],"content_html":"\u003cp\u003eKuicms Php EE 2.0 is susceptible to a persistent cross-site scripting (XSS) vulnerability. This flaw allows unauthenticated attackers to inject malicious JavaScript code into the application\u0026rsquo;s database, which is then executed in the browsers of users who interact with the affected content. The vulnerability resides within the bbs reply functionality, specifically through the \u003ccode\u003e/web/?c=bbs\u0026amp;a=reply\u003c/code\u003e endpoint. An attacker can craft a POST request containing malicious HTML and JavaScript payloads within the \u003ccode\u003econtent\u003c/code\u003e parameter. The vulnerability was reported on May 13, 2026, and poses a risk to organizations using the vulnerable Kuicms version, potentially leading to account compromise, data theft, and website defacement.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn unauthenticated attacker identifies the \u003ccode\u003e/web/?c=bbs\u0026amp;a=reply\u003c/code\u003e endpoint.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a POST request to \u003ccode\u003e/web/?c=bbs\u0026amp;a=reply\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe POST request includes a \u003ccode\u003econtent\u003c/code\u003e parameter containing malicious HTML and JavaScript code.\u003c/li\u003e\n\u003cli\u003eThe server-side application fails to properly sanitize the input provided in the \u003ccode\u003econtent\u003c/code\u003e parameter.\u003c/li\u003e\n\u003cli\u003eThe malicious payload is stored in the application\u0026rsquo;s database.\u003c/li\u003e\n\u003cli\u003eA user views the bbs reply containing the malicious payload.\u003c/li\u003e\n\u003cli\u003eThe malicious JavaScript code is executed within the user\u0026rsquo;s browser, potentially stealing cookies or redirecting the user to a malicious website.\u003c/li\u003e\n\u003cli\u003eThe attacker gains control of the user\u0026rsquo;s session or injects further malicious content into the website.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability allows an unauthenticated attacker to inject malicious scripts into the Kuicms Php EE 2.0 application. This can lead to a variety of impacts, including account compromise, data theft, website defacement, and further propagation of malicious content. Given the CVSS v3.1 score of 7.2, this vulnerability poses a significant risk to organizations using the affected software.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply any available patches or updates provided by Kuicms to address CVE-2020-37222.\u003c/li\u003e\n\u003cli\u003eImplement robust input validation and sanitization mechanisms to prevent XSS attacks, focusing on the \u003ccode\u003econtent\u003c/code\u003e parameter of the \u003ccode\u003e/web/?c=bbs\u0026amp;a=reply\u003c/code\u003e endpoint.\u003c/li\u003e\n\u003cli\u003eDeploy the provided Sigma rule to detect potential exploitation attempts targeting the vulnerable endpoint.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for suspicious POST requests to \u003ccode\u003e/web/?c=bbs\u0026amp;a=reply\u003c/code\u003e containing HTML or JavaScript payloads.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-13T16:19:24Z","date_published":"2026-05-13T16:19:24Z","id":"https://feed.craftedsignal.io/briefs/2026-05-kuicms-xss/","summary":"Kuicms Php EE 2.0 is vulnerable to persistent cross-site scripting (CVE-2020-37222), allowing unauthenticated attackers to inject malicious scripts via the bbs reply endpoint, leading to arbitrary script execution in users' browsers.","title":"Kuicms Php EE 2.0 Persistent Cross-Site Scripting Vulnerability (CVE-2020-37222)","url":"https://feed.craftedsignal.io/briefs/2026-05-kuicms-xss/"}],"language":"en","title":"CraftedSignal Threat Feed — Cve-2020-37222","version":"https://jsonfeed.org/version/1.1"}