308 matches found
CVE-2024-24062
CVE-2024-24062 affects springboot-manager v1.6; it is vulnerable to Cross Site Scripting (XSS) via the /sys/role endpoint. This is the explicit vulnerability described in multiple feeds. The NVD/CVE notes an XSS risk with base score 5.4 (Medium). Some sources (e.g., PT-2024-20261) describe the is...
CVE-2024-24062
springboot-manager v1.6 is vulnerable to Cross Site Scripting XSS via /sys/role...
CVE-2024-24059
springboot-manager v1.6 is vulnerable to Arbitrary File Upload. The system does not filter the suffixes of uploaded files...
CVE-2024-24059
Springboot-manager v1.6 is affected by an Arbitrary File Upload vulnerability caused by not filtering uploaded file suffixes. The reports consistently describe this as the root cause and outline the resulting security impact as arbitrary file upload with low confidentiality/integrity impact and n...
CVE-2024-24060
springboot-manager v1.6 is vulnerable to Cross Site Scripting XSS via /sys/user...
PT-2024-20260 · Unknown · Springboot-Manager
Name of the Vulnerable Software and Affected Versions: springboot-manager version 1.6 Description: The issue is related to Cross Site Scripting XSS via the "/sysContent/add" API endpoint. This allows for potential malicious script injection. No information is provided about the estimated number o...
PT-2024-20261 · Unknown · Springboot-Manager
Name of the Vulnerable Software and Affected Versions: springboot-manager version 1.6 Description: The issue is related to Cross Site Scripting XSS via the "/sys/role" API endpoint. This means an attacker could potentially inject malicious scripts into the webpage, affecting users who access the...
CVE-2024-24062
springboot-manager v1.6 is vulnerable to Cross Site Scripting XSS via /sys/role...
PT-2024-20259 · Unknown · Springboot-Manager
Name of the Vulnerable Software and Affected Versions: springboot-manager version 1.6 Description: The issue is related to Cross Site Scripting XSS via the "/sys/user" API endpoint. This allows for potential malicious script execution. The estimated number of potentially affected devices worldwid...
CVE-2024-24061
springboot-manager v1.6 is vulnerable to Cross Site Scripting XSS via /sysContent/add...
CVE-2024-24061
The CVE-2024-24061 entry affects springboot-manager v1.6 and describes a Cross Site Scripting (XSS) vulnerability exposed via the endpoint /sysContent/add . The root cause in the available documents is not explicitly detailed beyond the XSS finding; the NVD/CVE metrics list a Medium impact (CVSS ...
CVE-2024-24059
springboot-manager v1.6 is vulnerable to Arbitrary File Upload. The system does not filter the suffixes of uploaded files...
springboot-manager Security Vulnerability
springboot-manager is a backend management system based on SpringBoot + Thymeleaf + Layui + Apache Shiro + Redis + Mybatis Plus by Chinese liwenbin individual developer. A security vulnerability exists in springboot-manager v1.6, which originates from an easy cross-site scripting attack via...
CVE-2024-24060
springboot-manager v1.6 is vulnerable to Cross Site Scripting XSS via /sys/user...
springboot-manager Security Vulnerability
springboot-manager is a backend management system based on SpringBoot + Thymeleaf + Layui + Apache Shiro + Redis + Mybatis Plus by Chinese liwenbin individual developer. A security vulnerability exists in springboot-manager v1.6, which stems from the system not filtering the suffix of uploaded...
springboot-manager Security Vulnerability
springboot-manager is a backend management system based on SpringBoot + Thymeleaf + Layui + Apache Shiro + Redis + Mybatis Plus by Chinese liwenbin individual developer. A security vulnerability exists in springboot-manager v1.6, which originates from an easy cross-site scripting attack via...
CVE-2024-24061
springboot-manager v1.6 is vulnerable to Cross Site Scripting XSS via /sysContent/add...
mldong Code Injection Vulnerability
mldong is mldong individual developer based on SpringBoot + Vue3 rapid development platform , self-research workflow engine . mldong 1.0 version of the code injection vulnerability , the vulnerability stems from the file com/mldong/modules/wf/engine/model/DecisionModel.java ExpressionEngine...
Exploit for Expression Language Injection in Vmware Spring_Cloud_Gateway
开源工具 SpringBoot-Scan 的GUI图形化版本,对你有用的话麻烦点个Star哈哈 注意:本工具内置相关漏洞的Exp,杀软报毒属于正常现象! 新版本工具使用 python3 main.py VulHub 漏洞测试环境搭建 git clone https://github.com/vulhub/vulhub.git 安装Docker环境 sudo apt-get install docker.io sudo apt install docker-compose 搭建CVE-2022-22965 cd /vulhub/CVE-2022-22965 sudo...
PT-2023-28728 · Jfinalcms +1 · Jfinalcms +1
Name of the Vulnerable Software and Affected Versions: SpringbootCMS version 1.0 JFinalcms affected versions not specified Description: The issue exists in a newly created part of the background, where parameters submitted by users are not filtered. This allows special characters in parameters to...