26 matches found
CVE-2026-10567
A security vulnerability has been detected in 1Panel-dev CordysCRM up to 1.4.1. This impacts the function Save of the file src/main/java/cn/cordys/crm/system/service/ModuleFormService.java of the component ModuleFormController. The manipulation of the argument Description leads to cross site...
CVE-2026-10514
A vulnerability has been found in 1Panel-dev CordysCRM up to 1.6.2. This affects an unknown function of the file backend/framework/src/main/java/cn/cordys/config/RequestParamTrimConfig.java. The manipulation leads to cross site scripting. Remote exploitation of the attack is possible. The exploit...
CVE-2026-10567
A security vulnerability has been detected in 1Panel-dev CordysCRM up to 1.4.1. This impacts the function Save of the file src/main/java/cn/cordys/crm/system/service/ModuleFormService.java of the component ModuleFormController. The manipulation of the argument Description leads to cross site...
CVE-2026-10567
A security vulnerability has been detected in 1Panel-dev CordysCRM up to 1.4.1. This impacts the function Save of the file src/main/java/cn/cordys/crm/system/service/ModuleFormService.java of the component ModuleFormController. The manipulation of the argument Description leads to cross site...
CVE-2026-10567 1Panel-dev CordysCRM ModuleFormController ModuleFormService.java save cross site scripting
A security vulnerability has been detected in 1Panel-dev CordysCRM up to 1.4.1. This impacts the function Save of the file src/main/java/cn/cordys/crm/system/service/ModuleFormService.java of the component ModuleFormController. The manipulation of the argument Description leads to cross site...
EUVD-2026-33875
A security vulnerability has been detected in 1Panel-dev CordysCRM up to 1.4.1. This impacts the function Save of the file src/main/java/cn/cordys/crm/system/service/ModuleFormService.java of the component ModuleFormController. The manipulation of the argument Description leads to cross site...
CVE-2026-10567 1Panel-dev CordysCRM ModuleFormController ModuleFormService.java save cross site scripting
A security vulnerability has been detected in 1Panel-dev CordysCRM up to 1.4.1. This impacts the function Save of the file src/main/java/cn/cordys/crm/system/service/ModuleFormService.java of the component ModuleFormController. The manipulation of the argument Description leads to cross site...
CVE-2026-10567
The CVE concerns 1Panel-dev CordysCRM up to version 1.4.1. The vulnerability is in ModuleFormController/ModuleFormService.java (Save function); manipulating the Description argument leads to cross-site scripting (XSS). Exploitation is possible remotely and the exploit has been disclosed publicly....
EUVD-2026-33853
A vulnerability has been found in 1Panel-dev CordysCRM up to 1.6.2. This affects an unknown function of the file backend/framework/src/main/java/cn/cordys/config/RequestParamTrimConfig.java. The manipulation leads to cross site scripting. Remote exploitation of the attack is possible. The exploit...
CVE-2026-10514
A vulnerability has been found in 1Panel-dev CordysCRM up to 1.6.2. This affects an unknown function of the file backend/framework/src/main/java/cn/cordys/config/RequestParamTrimConfig.java. The manipulation leads to cross site scripting. Remote exploitation of the attack is possible. The exploit...
CordysCRM 代码注入漏洞
FIT2CLOUD CordysCRM is a customer relationship management system developed by FIT2CLOUD. Versions of CordysCRM 1.4.1 and earlier contain a code injection vulnerability. This vulnerability stems from a issue with the Save function in the ModuleFormController component’s file...
FIT2CLOUD CordysCRM 代码注入漏洞
FIT2CLOUD CordysCRM is a customer relationship management system developed by FIT2CLOUD Corporation. Versions of FIT2CLOUD CordysCRM 1.6.2 and earlier contain a code injection vulnerability. This vulnerability stems from an unknown function in the file...
CVE-2026-10514 1Panel-dev CordysCRM RequestParamTrimConfig.java cross site scripting
A vulnerability has been found in 1Panel-dev CordysCRM up to 1.6.2. This affects an unknown function of the file backend/framework/src/main/java/cn/cordys/config/RequestParamTrimConfig.java. The manipulation leads to cross site scripting. Remote exploitation of the attack is possible. The exploit...
CVE-2026-10514
A vulnerability has been found in 1Panel-dev CordysCRM up to 1.6.2. This affects an unknown function of the file backend/framework/src/main/java/cn/cordys/config/RequestParamTrimConfig.java. The manipulation leads to cross site scripting. Remote exploitation of the attack is possible. The exploit...
CVE-2026-10514 1Panel-dev CordysCRM RequestParamTrimConfig.java cross site scripting
A vulnerability has been found in 1Panel-dev CordysCRM up to 1.6.2. This affects an unknown function of the file backend/framework/src/main/java/cn/cordys/config/RequestParamTrimConfig.java. The manipulation leads to cross site scripting. Remote exploitation of the attack is possible. The exploit...
CVE-2026-10514
CVE-2026-10514 affects 1Panel-dev CordysCRM versions up to 1.6.2. The vulnerability targets an unknown function in backend/framework/src/main/java/cn/cordys/config/RequestParamTrimConfig.java, enabling cross-site scripting. Remote exploitation is possible, and the exploit has been disclosed publi...
PT-2026-45672
A vulnerability has been found in 1Panel-dev CordysCRM up to 1.6.2. This affects an unknown function of the file backend/framework/src/main/java/cn/cordys/config/RequestParamTrimConfig.java. The manipulation leads to cross site scripting. Remote exploitation of the attack is possible. The exploit...
CVE-2025-70981
CordysCRM 1.4.1 is vulnerable to SQL Injection in the employee list query interface /user/list via the departmentIds parameter...
CVE-2025-70981
CordysCRM 1.4.1 is vulnerable to SQL Injection in the employee list query interface /user/list via the departmentIds parameter...
CVE-2025-70981
CordysCRM 1.4.1 is vulnerable to SQL Injection in the employee list query interface /user/list via the departmentIds parameter...