Lucene search
K

257 matches found

CNVD
CNVD
added 2022/06/09 12:0 a.m.15 views

MingSoft MCMS Cross-site Request Forgery Vulnerability

MingSoft MCMS is a J2ee system from MingSoft, a Chinese company. MingSoft MCMS version 5.2.7 is vulnerable to cross-site request forgery. An attacker can use this vulnerability to add an administrator account via ms/basic/manager/save.do...

6.8CVSS5AI score0.00642EPSS
Exploits1Affected Software1
CNVD
CNVD
added 2022/05/13 12:0 a.m.17 views

MingSoft MCMS SQL Injection Vulnerability (CNVD-2022-72199)

MingSoft MCMS is a J2ee system from MingSoft, a Chinese company. SQL injection vulnerability exists in Mingsoft MCMS version 5.2.7, which can be exploited by attackers to conduct SQL injection attacks in the /mdiy/dict/list URI via the orderBy parameter...

7.5CVSS5.1AI score0.01455EPSS
Exploits1Affected Software1
CNVD
CNVD
added 2022/04/07 12:0 a.m.15 views

MingSoft MCMS SQL Injection Vulnerability (CNVD-2022-85104)

MingSoft MCMS is a complete open source J2ee system from MingSoft, a Chinese company. mingsoft MCMS has a SQL injection vulnerability, which originates from the lack of filtering and escaping of SQL data in the categoryId parameter of /cms/content/list, and can be used by attackers to execute...

9.8CVSS4.6AI score0.05617EPSS
Exploits1References1
CNVD
CNVD
added 2022/03/04 12:0 a.m.17 views

Liferay Portal Information Disclosure Vulnerability (CNVD-2022-19509)

Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB and JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay Portal has an information disclosure vulnerability that can be exploited by...

5.3CVSS0.4AI score0.00454EPSS
Exploits0References1
CNVD
CNVD
added 2022/03/04 12:0 a.m.16 views

MingSoft Mcms SQL Injection Vulnerability (CNVD-2022-18535)

MingSoft Mcms is China's MingFei MingSoft company's a complete open source J2ee system . A security vulnerability exists in MingSoft Mcms v5.2.4 that allows attackers to conduct SQL injection attacks via the search.do parameter in the file /mdiy/dict/listExcludeApp. No details of the vulnerabilit...

9.8CVSS9.8AI score0.07173EPSS
Exploits1References1
CNVD
CNVD
added 2022/03/04 12:0 a.m.16 views

MingSoft Mcms SQL Injection Vulnerability (CNVD-2022-18534)

MingSoft Mcms is China's MingFei MingSoft company's a complete open source J2ee system . A security vulnerability exists in MingSoft Mcms v5.2.5 that allows an attacker to perform a SQL injection attack via the search.do parameter in the file /web/MCmsAction.java. No details of the vulnerability...

9.8CVSS9.8AI score0.01064EPSS
Exploits1References1
CNVD
CNVD
added 2022/02/18 12:0 a.m.38 views

MCMS of Jiangxi Minsoft Technology Co., Ltd. has unspecified vulnerabilities

Mcms is a complete open source J2ee system from Jiangxi Mingsoft Technology Co. Mcms v5.1 version has a SQL injection vulnerability, which can be exploited by attackers to perform sql injection via /ms/cms/content/list.do...

9.8CVSS4.3AI score0.01385EPSS
Exploits1References1
CNVD
CNVD
added 2022/01/28 12:0 a.m.37 views

mingSoft MCMS SQL Injection Vulnerability (CNVD-2022-09255)

MingSoft Mcms is China's Ming Fei MingSoft company a complete open source J2ee system . mingSoft MCMS suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in database-based applications. An attacker can exploit this vulnerability to...

7.5CVSS7.7AI score0.01524EPSS
Exploits1References1
CNVD
CNVD
added 2022/01/24 12:0 a.m.15 views

Unspecified Vulnerability in MingSoft Mcms

MingSoft Mcms is China's MingFei MingSoft company's a complete open source J2ee system . A security vulnerability exists in MingSoft Mcms v5.2.4, which stems from the lack of effective filtering of user-submitted data in the software's template management function, and can be exploited by an...

9.8CVSS9.7AI score0.23694EPSS
Exploits1References1
CNVD
CNVD
added 2022/01/24 12:0 a.m.21 views

MCMS SQL Injection Vulnerability

Mcms is a complete open source J2ee system from China MingFei MingSoft. mcms v5.2.4 version has a SQL injection vulnerability, which originates in /ms/mdiy/model/importJson.do for the lack of filtering and escaping of SQL data. No detailed vulnerability details are available at this time...

9.8CVSS3.3AI score0.01595EPSS
Exploits1References1
OSV
OSV
added 2021/08/09 7:15 p.m.6 views

CVE-2018-17865

A cross-site scripting XSS vulnerability in SAP J2EE Engine 7.01 allows remote attackers to inject arbitrary web script via the wsdlPath parameter to /ctcprotocol/Protocol. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...

6.1CVSS5.8AI score0.00746EPSS
Exploits1References1
NVD
NVD
added 2021/08/09 7:15 p.m.26 views

CVE-2018-17865

A cross-site scripting XSS vulnerability in SAP J2EE Engine 7.01 allows remote attackers to inject arbitrary web script via the wsdlPath parameter to /ctcprotocol/Protocol. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...

6.1CVSS0.00746EPSS
Exploits1References1
OSV
OSV
added 2021/08/09 7:15 p.m.5 views

CVE-2018-17862

A cross-site scripting XSS vulnerability in SAP J2EE Engine/7.01/Fiori allows remote attackers to inject arbitrary web script via the sysjdbc parameter to /TestJDBCWeb/test2. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...

6.1CVSS5.8AI score0.01437EPSS
Exploits1References3
OSV
OSV
added 2021/08/09 7:15 p.m.3 views

CVE-2018-17861

A cross-site scripting XSS vulnerability in SAP J2EE Engine/7.01/Portal/EPP allows remote attackers to inject arbitrary web script via the wsdlLib parameter to /ctcprotocol/Protocol. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...

6.1CVSS5.8AI score0.01543EPSS
Exploits1References3
NVD
NVD
added 2021/08/09 7:15 p.m.27 views

CVE-2018-17862

A cross-site scripting XSS vulnerability in SAP J2EE Engine/7.01/Fiori allows remote attackers to inject arbitrary web script via the sysjdbc parameter to /TestJDBCWeb/test2. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...

6.1CVSS0.01437EPSS
Exploits1References3
NVD
NVD
added 2021/08/09 7:15 p.m.18 views

CVE-2018-17861

A cross-site scripting XSS vulnerability in SAP J2EE Engine/7.01/Portal/EPP allows remote attackers to inject arbitrary web script via the wsdlLib parameter to /ctcprotocol/Protocol. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...

6.1CVSS0.01543EPSS
Exploits1References3
Prion
Prion
added 2021/08/09 7:15 p.m.18 views

Cross site scripting

UNSUPPORTED WHEN ASSIGNED A cross-site scripting XSS vulnerability in SAP J2EE Engine/7.01/Portal/EPP allows remote attackers to inject arbitrary web script via the wsdlLib parameter to /ctcprotocol/Protocol. NOTE: This vulnerability only affects products that are no longer supported by the...

4.3CVSS5.9AI score0.01543EPSS
Exploits1References3Affected Software1
Prion
Prion
added 2021/08/09 7:15 p.m.24 views

Cross site scripting

UNSUPPORTED WHEN ASSIGNED A cross-site scripting XSS vulnerability in SAP J2EE Engine 7.01 allows remote attackers to inject arbitrary web script via the wsdlPath parameter to /ctcprotocol/Protocol. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...

4.3CVSS5.9AI score0.00746EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2021/08/09 7:15 p.m.14 views

Cross site scripting

UNSUPPORTED WHEN ASSIGNED A cross-site scripting XSS vulnerability in SAP J2EE Engine/7.01/Fiori allows remote attackers to inject arbitrary web script via the sysjdbc parameter to /TestJDBCWeb/test2. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...

4.3CVSS5.9AI score0.01437EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2021/08/09 6:30 p.m.17 views

CVE-2018-17861

A cross-site scripting XSS vulnerability in SAP J2EE Engine/7.01/Portal/EPP allows remote attackers to inject arbitrary web script via the wsdlLib parameter to /ctcprotocol/Protocol. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...

6AI score0.01543EPSS
Exploits1References3
Rows per page
Query Builder