306 matches found
PT-2024-29457 · Unknown · Lin-Cms Springboot
Name of the Vulnerable Software and Affected Versions: lin-CMS Springboot versions 0.2.1 and before Description: The issue allows a remote attacker to obtain sensitive information via the login method in the UserController.java component. Recommendations: For versions 0.2.1 and before, consider...
CVE-2024-41600
Insecure Permissions vulnerability in lin-CMS Springboot v.0.2.1 and before allows a remote attacker to obtain sensitive information via the login method in the UserController.java component...
CVE-2024-41600
Insecure Permissions vulnerability in lin-CMS Springboot v.0.2.1 and before allows a remote attacker to obtain sensitive information via the login method in the UserController.java component...
CVE-2024-41600
CVE-2024-41600 affects lin-CMS Springboot up to v0.2.1. The vulnerability is caused by insecure permissions in the UserController.login path, enabling a remote attacker to obtain sensitive information (confidentiality impact high; no integrity/availability impact indicated). Documents do not prov...
Spring Tips: Proxies
Hi, Spring fans! In this installment we look at the use of JDK and CGLIB-based proxies in Spring, and demystify their application Java SpringBoot SpringFramework Architecture DesignPatterns oop...
CVE-2024-6539
A vulnerability classified as problematic has been found in heyewei SpringBootCMS up to 2024-05-28. Affected is an unknown function of the file /guestbook of the component Guestbook Handler. The manipulation of the argument Content leads to cross site scripting. It is possible to launch the attac...
CVE-2024-24061
springboot-manager v1.6 is vulnerable to Cross Site Scripting XSS via /sysContent/add...
CVE-2024-24062
springboot-manager v1.6 is vulnerable to Cross Site Scripting XSS via /sys/role...
CVE-2024-24061
springboot-manager v1.6 is vulnerable to Cross Site Scripting XSS via /sysContent/add...
CVE-2024-24062
springboot-manager v1.6 is vulnerable to Cross Site Scripting XSS via /sys/role...
CVE-2024-24060
springboot-manager v1.6 is vulnerable to Cross Site Scripting XSS via /sys/user...
CVE-2024-24060
springboot-manager v1.6 is vulnerable to Cross Site Scripting XSS via /sys/user...
CVE-2024-24059
springboot-manager v1.6 is vulnerable to Arbitrary File Upload. The system does not filter the suffixes of uploaded files...
CVE-2024-24059
springboot-manager v1.6 is vulnerable to Arbitrary File Upload. The system does not filter the suffixes of uploaded files...
Cross site scripting
springboot-manager v1.6 is vulnerable to Cross Site Scripting XSS via /sys/user...
Cross site scripting
springboot-manager v1.6 is vulnerable to Cross Site Scripting XSS via /sys/role...
Cross site scripting
springboot-manager v1.6 is vulnerable to Cross Site Scripting XSS via /sysContent/add...
CVE-2024-24059
springboot-manager v1.6 is vulnerable to Arbitrary File Upload. The system does not filter the suffixes of uploaded files...
CVE-2024-24062
CVE-2024-24062 affects springboot-manager v1.6; it is vulnerable to Cross Site Scripting (XSS) via the /sys/role endpoint. This is the explicit vulnerability described in multiple feeds. The NVD/CVE notes an XSS risk with base score 5.4 (Medium). Some sources (e.g., PT-2024-20261) describe the is...
CVE-2024-24062
springboot-manager v1.6 is vulnerable to Cross Site Scripting XSS via /sys/role...