306 matches found
This Week in Spring - SpringOne Essentials 2023 edition - January 24th, 2023
Hi, Spring fans! Welcome to another installment of This Week in Spring! Today is a very day for you see, today we kick off SpringOne Essentials, the online incarnation of SpringOne, online. We'll see you live, on stream, in just a few hours! SpringOne Essentials is going to be amazing, but befor...
Exploit for Code Injection in Apache Commons_Text
CVE-2022-42889 a.k.a. Text4Shell RCE Proof of Concept...
U.S. Dept Of Defense: springboot actuator is leaking internals at ██████████
Proof of Concept: If you go to https://█████████/actuator you'll get a complete overview of all the endpoints that are accessible. Suggestion: Use a Firefox browser if possible; its JSON representation is well formed and the links are clickable. ██████████ Impact: Information Disclosure...
Exploit for Code Injection in Vmware Spring_Cloud_Function
CVE-2022-22963 - Spring4shell To run the vulnerable SpringBoot...
OneBlog Cross-Site Scripting Vulnerability
OneBlog is a simple, beautiful, powerful and adaptive Java blog. It is developed with springboot and uses Bootstrap on the front end. It supports mobile adaptation and has complete front-end and back-end management functions. OneBlog versions before 2.2.8 have an XSS vulnerability, the...
com.antheminc.oss:nimbus-core (>=1.1.7 <=1.2.0.M5), com.antheminc.oss:nimbus-entity-dsl (>=1.1.7 <=1.2.0.M5) +110 more potentially affected by CVE-2021-35043 via org.owasp.antisamy:antisamy (>=1.5.7 <=1.6.3)
org.owasp.antisamy:antisamy MAVEN version =1.5.7, =1.1.7, =1.1.7, =1.1.7, =1.1.7, =1.1.7, =1.2.1, =1.2.1, =1.2.1, =1.0.5, =1.0.5, =1.0.5, =1.0.5, =1.5.14, =1.5.14, =1.5.14, =1.5.26 and more Source cves: CVE-2021-35043 Source advisory: OSV:GHSA-9C8W-JRW3-Q2C3...
Huaxia ERP system has information leakage vulnerability
Huaxia ERP is open source ERP software for small and medium-sized enterprises, based on the SpringBoot framework and a SaaS model, currently focusing on sales and inventory, financial, and production functions. Huaxia ERP system has an information leakage vulnerability that can be exploited by...
SQL injection vulnerability in MCMS (CNVD-2021-50953)
MCMS is a development template based on the SpringBoot 2 architecture, with a front end based on vue and element ui. MCMS suffers from a SQL injection vulnerability, which can be exploited by an attacker to obtain sensitive database information...
SQL Injection Vulnerability in CicadasCMS
CicadasCMS is a CMS developed with springboot+mybatis+beetl. CicadasCMS suffers from a SQL injection vulnerability, which can be exploited by an attacker to obtain sensitive information from the database...
SQL Injection Vulnerability in Ruoyi Management System (CNVD-2021-49091)
Ruoyi management system is a rights management system based on SpringBoot2.0. A SQL injection vulnerability exists in Ruoyi Management System, which can be exploited by an attacker to obtain sensitive information from the database...
XSS Vulnerability in Mad God's Small Community Open Source Edition Announcement
Mad God's small community open source version is a Springboot-based open source community management system. An XSS vulnerability exists in the announcement of Mad God's small community open source version; an attacker can use the vulnerability to obtain the user's cookie informatio...
Stored XSS Vulnerability in the Open Source Version of Mad God's Little Community
Mad God's small community open source version is a Springboot-based open source community management system. A stored XSS vulnerability exists in Mad God's small community open source version; an attacker can use the vulnerability to obtain the user's cookie information...
SQL Injection Vulnerability in Ruoyi Management System (CNVD-2021-39812)
Ruoyi management system is a rights management system based on SpringBoot2.0. A SQL injection vulnerability exists in Ruoyi Management System, which can be exploited by an attacker to obtain sensitive information from the database...
Springboot-plus has a logic flaw vulnerability
springboot-plus is an open source management backend system based on SpringBoot 2. It focuses on core functionality, provides a robust kernel, supports multiple databases, and is easy to build and easy to modify. springboot-plus has a logic flaw vulnerability that can be exploited by attackers to obtai...
Logic Flaw Vulnerability in SpringBoot-Blog
SpringBoot-Blog is a Java blog system. A logic flaw vulnerability exists in SpringBoot-Blog. An attacker can exploit the vulnerability to bypass authentication and obtain sensitive information...
Deserialization vulnerability exists in Ruoyi CMS
Ruoyi CMS is a domestic SpringBoot-based rights management system. Ruoyi CMS has a deserialization vulnerability that an attacker can exploit to achieve arbitrary code execution through deserialization by sending a JNDI request...
XSS Vulnerability in Cloud Collection Reviews
Cloud collection lets users collect a website online anytime, anywhere; on the site, users can view and comment on other people's public collections. The project is developed using SpringBoot2.0, MySQL and other technologies. The comments in Cloud collection have an XSS vulnerability,...
Huaxia ERP suffers from SQL injection vulnerability (CNVD-2021-28473)
Huaxia ERP is open source ERP software for small and medium-sized enterprises, based on the SpringBoot framework and a SaaS model, currently focusing on sales and marketing inventory + financial + production functions. Huaxia ERP has a SQL injection vulnerability, which can be exploited by...
Huaxia ERP suffers from SQL injection vulnerability (CNVD-2021-28474)
Huaxia ERP is open source ERP software for small and medium-sized enterprises, based on the SpringBoot framework and a SaaS model, currently focusing on sales and marketing inventory + financial + production functions. Huaxia ERP has a SQL injection vulnerability, which can be exploited by...
Huaxia ERP suffers from SQL injection vulnerability (CNVD-2021-28476)
Huaxia ERP is open source ERP software for small and medium-sized enterprises, based on the SpringBoot framework and a SaaS model, currently focusing on sales and marketing inventory + financial + production functions. Huaxia ERP has a SQL injection vulnerability, which can be exploited by...