Browse all 4 CVE security advisories affecting puncsky. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Puncsky is a web application framework primarily used for building content management systems and e-commerce platforms. Historically, it has been susceptible to remote code execution, cross-site scripting, and privilege escalation vulnerabilities, often stemming from improper input validation and insecure default configurations. The framework's modular architecture introduces additional attack surfaces through third-party plugins. While no major public security incidents have been widely documented, its four CVE records indicate consistent security challenges that require careful configuration and regular updates. Developers implementing Puncsky should prioritize hardening measures and dependency management to mitigate its inherent risks.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2020-26221 | Stored Cross Site Scripting in touchbase.ai — touchbase.aiCWE-79 | 8.0 | High | 2020-11-11 |
| CVE-2020-26220 | Information exposure in touchbase.ai — touchbase.aiCWE-200 | 3.5 | Low | 2020-11-11 |
| CVE-2020-26219 | Open Redirect in touchbase.ai — touchbase.aiCWE-601 | 4.7 | Medium | 2020-11-11 |
| CVE-2020-26218 | HTML Injection in touchbase.ai — touchbase.aiCWE-80 | 8.0 | High | 2020-11-11 |
This page lists every published CVE security advisory associated with puncsky. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.