81 matches found
Cross site scripting
springboot-manager v1.6 is vulnerable to Cross Site Scripting (XSS) via /sys/user...
Cross site scripting
springboot-manager v1.6 is vulnerable to Cross Site Scripting (XSS) via /sys/role...
Cross site scripting
springboot-manager v1.6 is vulnerable to Cross Site Scripting (XSS) via /sysContent/add...
CVE-2024-24062
springboot-manager v1.6 is vulnerable to Cross Site Scripting (XSS) via /sys/role...
CVE-2024-24060
The CVE-2024-24060 entry concerns springboot-manager v1.6, with a reported Cross Site Scripting (XSS) vulnerability via the /sys/user endpoint. The connected data confirms the affected software/version and the underlying issue being an XSS flaw, but does not provide a published fixed version. The...
CVE-2024-24062
CVE-2024-24062 affects springboot-manager v1.6; it is vulnerable to Cross Site Scripting (XSS) via the /sys/role endpoint. This is the explicit vulnerability described in multiple feeds. The NVD/CVE notes an XSS risk with base score 5.4 (Medium). Some sources (e.g., PT-2024-20261) describe the is...
CVE-2024-24059
springboot-manager v1.6 is vulnerable to Arbitrary File Upload. The system does not filter the suffixes of uploaded files...
CVE-2024-24060
springboot-manager v1.6 is vulnerable to Cross Site Scripting (XSS) via /sys/user...
CVE-2024-24059
Springboot-manager v1.6 is affected by an Arbitrary File Upload vulnerability caused by not filtering uploaded file suffixes. The reports consistently describe this as the root cause and outline the resulting security impact as arbitrary file upload with low confidentiality/integrity impact and n...
PT-2024-20260 · Unknown · Springboot-Manager
Name of the Vulnerable Software and Affected Versions: springboot-manager version 1.6. Description: The issue is related to Cross Site Scripting (XSS) via the "/sysContent/add" API endpoint. This allows for potential malicious script injection. No information is provided about the estimated number o...
CVE-2024-24062
springboot-manager v1.6 is vulnerable to Cross Site Scripting (XSS) via /sys/role...
PT-2024-20259 · Unknown · Springboot-Manager
Name of the Vulnerable Software and Affected Versions: springboot-manager version 1.6. Description: The issue is related to Cross Site Scripting (XSS) via the "/sys/user" API endpoint. This allows for potential malicious script execution. The estimated number of potentially affected devices worldwid...
PT-2024-20261 · Unknown · Springboot-Manager
Name of the Vulnerable Software and Affected Versions: springboot-manager version 1.6. Description: The issue is related to Cross Site Scripting (XSS) via the "/sys/role" API endpoint. This means an attacker could potentially inject malicious scripts into the webpage, affecting users who access the...
CVE-2024-24061
The CVE-2024-24061 entry affects springboot-manager v1.6 and describes a Cross Site Scripting (XSS) vulnerability exposed via the endpoint /sysContent/add. The root cause in the available documents is not explicitly detailed beyond the XSS finding; the NVD/CVE metrics list a Medium impact (CVSS ...
springboot-manager Security Vulnerability
springboot-manager is a backend management system based on SpringBoot + Thymeleaf + Layui + Apache Shiro + Redis + Mybatis Plus, developed by liwenbin, an individual Chinese developer. A security vulnerability exists in springboot-manager v1.6: it is susceptible to cross-site scripting attacks via...
CVE-2024-24059
springboot-manager v1.6 is vulnerable to Arbitrary File Upload. The system does not filter the suffixes of uploaded files...
CVE-2024-24061
springboot-manager v1.6 is vulnerable to Cross Site Scripting (XSS) via /sysContent/add...
springboot-manager Security Vulnerability
springboot-manager is a backend management system based on SpringBoot + Thymeleaf + Layui + Apache Shiro + Redis + Mybatis Plus, developed by liwenbin, an individual Chinese developer. A security vulnerability exists in springboot-manager v1.6: it is susceptible to cross-site scripting attacks via...
springboot-manager Security Vulnerability
springboot-manager is a backend management system based on SpringBoot + Thymeleaf + Layui + Apache Shiro + Redis + Mybatis Plus, developed by liwenbin, an individual Chinese developer. A security vulnerability exists in springboot-manager v1.6, which stems from the system not filtering the suffix of uploaded...
CVE-2024-24060
springboot-manager v1.6 is vulnerable to Cross Site Scripting (XSS) via /sys/user...