124 matches found
PT-2023-25044 · Ujcms · Ujcms
Name of the Vulnerable Software and Affected Versions: Ujcms version 6.0.2 Description: An issue in Ujcms allows attackers to gain sensitive information via the dir parameter to the "/api/backend/core/web-file-html/download-zip" API endpoint. Recommendations: For Ujcms version 6.0.2, as a tempora...
PT-2023-23719 · Ujcms · Ujcms
Name of the Vulnerable Software and Affected Versions: UJCMS versions up to 6.0.2 Description: A vulnerability has been found in the ZIP Package Handler component of UJCMS, which can lead to information disclosure through the manipulation of the dir argument. The attack can be initiated remotely,...
CVE-2023-34878
An issue was discovered in Ujcms v6.0.2 allows attackers to gain sensitive information via the dir parameter to /api/backend/core/web-file-html/download-zip...
CVE-2023-34747
File upload vulnerability in ujcms 6.0.2 via /api/backend/core/web-file-upload/upload...
CVE-2023-34747
File upload vulnerability in ujcms 6.0.2 via /api/backend/core/web-file-upload/upload...
UJCMS 信息泄露漏洞
UJCMS is a Java open source content management system from UJCMS Open Source. UJCMS version 6.0.2 before the information leakage vulnerability , the vulnerability stems from the wrong operation of the parameter dir will lead to information leakage...
CVE-2023-34747
File upload vulnerability in ujcms 6.0.2 via /api/backend/core/web-file-upload/upload...
CVE-2023-34878
An issue was discovered in Ujcms v6.0.2 allows attackers to gain sensitive information via the dir parameter to /api/backend/core/web-file-html/download-zip...
CVE-2023-34878
CVE-2023-34878 affects Ujcms v6.0.2, where the dir parameter in the endpoint "/api/backend/core/web-file-html/download-zip" can cause leakage of sensitive information. The CVSS v3.1 base score is 7.5 (HIGH) with NETWORK access, LOW attack complexity, NONE privileges, NONE user interaction, and CO...
CVE-2023-34747
CVE-2023-34747 corresponds to a file upload vulnerability in ujcms 6.0.2, exploitable via the API endpoint /api/backend/core/web-file-upload/upload. The issue is described as an unrestricted file upload that can impact confidentiality, integrity, and availability (CVSS v3.1: 9.8 CRITICAL, Network...
UJCMS 安全漏洞
UJCMS is UJCMS open source a Java open source content management system . A security vulnerability exists in UJCMS v6.0.2. An attacker exploited the vulnerability to obtain sensitive information via the dir parameter of /api/backend/core/web-file-html/download-zip...
CVE-2023-34878
An issue was discovered in Ujcms v6.0.2 allows attackers to gain sensitive information via the dir parameter to /api/backend/core/web-file-html/download-zip...
UJCMS 路径遍历漏洞
UJCMS is UJCMS open source a Java open source content management system . A security vulnerability exists in UJCMS version 6.0.2. An attacker exploited the vulnerability to move files via the rename function...
CVE-2023-24369
A cross-site scripting XSS vulnerability in UJCMS v4.1.3 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the URL parameter under the Add New Articles function...
Cross site scripting
A cross-site scripting XSS vulnerability in UJCMS v4.1.3 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the URL parameter under the Add New Articles function...
UJCMS 跨站脚本漏洞
UJCMS is UJCMS open source a Java open source content management system . UJCMS v4.1.3 version of a security vulnerability , the vulnerability stems from the existence of cross-site scripting XSS vulnerability , an attacker can be exploited to exploit the vulnerability will be carefully crafted...
CVE-2023-24369
CVE-2023-24369 affects UJCMS v4.1.3. The vulnerability is a cross-site scripting (XSS) flaw that lets an attacker inject arbitrary web scripts or HTML by placing a crafted payload in the URL parameter under the Add New Articles function. Impact per available data indicates potential: confidential...
CVE-2023-24369
A cross-site scripting XSS vulnerability in UJCMS v4.1.3 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the URL parameter under the Add New Articles function...
CVE-2023-24369
A cross-site scripting XSS vulnerability in UJCMS v4.1.3 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the URL parameter under the Add New Articles function...
CVE-2023-24369
A cross-site scripting XSS vulnerability in UJCMS v4.1.3 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the URL parameter under the Add New Articles function...