CVE-2024-24060

The CVE-2024-24060 entry concerns springboot-manager v1.6, with a reported Cross Site Scripting (XSS) vulnerability via the /sys/user endpoint. The connected data confirms the affected software/version and the underlying issue being an XSS flaw, but does not provide a published fixed version. The...

CVE-2024-24060

springboot-manager v1.6 is vulnerable to Cross Site Scripting XSS via /sys/user...

PT-2024-20260 · Unknown · Springboot-Manager

Name of the Vulnerable Software and Affected Versions: springboot-manager version 1.6 Description: The issue is related to Cross Site Scripting XSS via the "/sysContent/add" API endpoint. This allows for potential malicious script injection. No information is provided about the estimated number o...

CVE-2024-24059

Springboot-manager v1.6 is affected by an Arbitrary File Upload vulnerability caused by not filtering uploaded file suffixes. The reports consistently describe this as the root cause and outline the resulting security impact as arbitrary file upload with low confidentiality/integrity impact and n...

CVE-2024-24062

springboot-manager v1.6 is vulnerable to Cross Site Scripting XSS via /sys/role...

PT-2024-20259 · Unknown · Springboot-Manager

Name of the Vulnerable Software and Affected Versions: springboot-manager version 1.6 Description: The issue is related to Cross Site Scripting XSS via the "/sys/user" API endpoint. This allows for potential malicious script execution. The estimated number of potentially affected devices worldwid...

PT-2024-20261 · Unknown · Springboot-Manager

Name of the Vulnerable Software and Affected Versions: springboot-manager version 1.6 Description: The issue is related to Cross Site Scripting XSS via the "/sys/role" API endpoint. This means an attacker could potentially inject malicious scripts into the webpage, affecting users who access the...

CVE-2024-24061

springboot-manager v1.6 is vulnerable to Cross Site Scripting XSS via /sysContent/add...

CVE-2024-24061

The CVE-2024-24061 entry affects springboot-manager v1.6 and describes a Cross Site Scripting (XSS) vulnerability exposed via the endpoint /sysContent/add . The root cause in the available documents is not explicitly detailed beyond the XSS finding; the NVD/CVE metrics list a Medium impact (CVSS ...

CVE-2024-24059

springboot-manager v1.6 is vulnerable to Arbitrary File Upload. The system does not filter the suffixes of uploaded files...

springboot-manager Security Vulnerability

springboot-manager is a backend management system based on SpringBoot + Thymeleaf + Layui + Apache Shiro + Redis + Mybatis Plus by Chinese liwenbin individual developer. A security vulnerability exists in springboot-manager v1.6, which originates from an easy cross-site scripting attack via...

springboot-manager Security Vulnerability

springboot-manager is a backend management system based on SpringBoot + Thymeleaf + Layui + Apache Shiro + Redis + Mybatis Plus by Chinese liwenbin individual developer. A security vulnerability exists in springboot-manager v1.6, which originates from an easy cross-site scripting attack via...

springboot-manager Security Vulnerability

springboot-manager is a backend management system based on SpringBoot + Thymeleaf + Layui + Apache Shiro + Redis + Mybatis Plus by Chinese liwenbin individual developer. A security vulnerability exists in springboot-manager v1.6, which stems from the system not filtering the suffix of uploaded...

CVE-2024-24060

springboot-manager v1.6 is vulnerable to Cross Site Scripting XSS via /sys/user...

CVE-2024-24061

springboot-manager v1.6 is vulnerable to Cross Site Scripting XSS via /sysContent/add...

mldong Code Injection Vulnerability

mldong is mldong individual developer based on SpringBoot + Vue3 rapid development platform , self-research workflow engine . mldong 1.0 version of the code injection vulnerability , the vulnerability stems from the file com/mldong/modules/wf/engine/model/DecisionModel.java ExpressionEngine...

Exploit for Expression Language Injection in Vmware Spring_Cloud_Gateway

开源工具 SpringBoot-Scan 的GUI图形化版本，对你有用的话麻烦点个Star哈哈 注意：本工具内置相关漏洞的Exp，杀软报毒属于正常现象！ 新版本工具使用 python3 main.py VulHub 漏洞测试环境搭建 git clone https://github.com/vulhub/vulhub.git 安装Docker环境 sudo apt-get install docker.io sudo apt install docker-compose 搭建CVE-2022-22965 cd /vulhub/CVE-2022-22965 sudo...

PT-2023-28728 · Jfinalcms +1 · Jfinalcms +1

Name of the Vulnerable Software and Affected Versions: SpringbootCMS version 1.0 JFinalcms affected versions not specified Description: The issue exists in a newly created part of the background, where parameters submitted by users are not filtered. This allows special characters in parameters to...

MarsCTF 代码问题漏洞

MarsCTF is a Vue + Springboot developed CTF learning platform by b1ackc4t individual developer. A security vulnerability exists in MarsCTF version 1.2.1, which stems from an arbitrary file upload vulnerability in the background upload attachment interface...

Spring Tips: go fast with Spring Boot 3.1

Hi, Spring fans! In this installment, Josh Long @coffeesoftware looks at how the new Spring Boot 3.1 release delivers incredible efficiencies for both developers and machines. Java springboot Microservices Testcontainers GraalVM Docker DockerCompose Devtools SSL...