LogicalDOC 跨站脚本漏洞

LogicalDOC is the United States LogicalDOC company's set of document management system developed using Java technology. The system has Lucene full-text search index and automatic import and other functions. A security vulnerability exists in LogicalDOC that originates from reflective cross-site...

tomcat: RCE due to TOCTOU issue in JSP compilation

A flaw was found in Tomcat. A Time-of-check Time-of-use TOCTOU race condition occurs during JSP compilation on case-insensitive file systems when the default servlet is enabled for writing. This vulnerability allows an uploaded file to be treated as a JSP and executed, resulting in remote code...

PT-2025-7572 · Mrcms · Mrcms

Name of the Vulnerable Software and Affected Versions: MRCMS version 3.1.2 Description: The issue allows attackers to execute arbitrary code via uploading a crafted .jsp file to the "/file/savefile.do" API endpoint. This is made possible by an arbitrary file upload vulnerability in the component...

CVE-2025-23011

Fedora Repository 3.8.1 allows path traversal when extracting uploaded archives "Zip Slip". A remote, authenticated attacker can upload a specially crafted archive that will extract an arbitrary JSP file to a location that can be executed by an unauthenticated GET request. Fedora Repository 3.8.1...

CVE-2024-35570

An arbitrary file upload vulnerability in the component \controller\ImageUploadController.class of inxedu v2.0.6 allows attackers to execute arbitrary code via uploading a crafted jsp file...

PT-2024-26307 · Inxedu · Inxedu

Name of the Vulnerable Software and Affected Versions: inxedu version 2024.4 Description: The issue allows attackers to execute arbitrary code by uploading a crafted .jsp file through the uploadAudio method. Recommendations: For inxedu version 2024.4, consider disabling the uploadAudio method unt...

VulnCheck KEV: CVE-2009-2445

Oracle iPlanet Web Server formerly Sun Java System Web Server or Sun ONE Web Server 6.1 before SP12, and 7.0 through Update 6, when running on Windows, allows remote attackers to read arbitrary JSP files via an alternate data stream syntax, as demonstrated by a .jsp::$DATA URI...

CVE-2022-34269

An issue was discovered in RWS WorldServer before 11.7.3. An authenticated, remote attacker can perform a ws-legacy/loaddtd?systemid= blind SSRF attack to deploy JSP code to the Apache Axis service running on the localhost interface, leading to command execution...

The vulnerability of the Fortinet FortiNAC network access control mechanism, related to deficiencies in access control, allows a intruder to perform unauthorized calls via JSP.

The vulnerability of the Fortinet FortiNAC network access control mechanism is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker, operating remotely, to perform unauthorized calls...

CVE-2022-39946

An access control vulnerability CWE-284 in FortiNAC version 9.4.2 and below, version 9.2.7 and below, 9.1 all versions, 8.8 all versions, 8.7 all versions, 8.6 all versions, 8.5 all versions may allow a remote attacker authenticated on the administrative interface to perform unauthorized jsp call...

SUSE CVE-2008-2402

The Admin Server in Sun Java Active Server Pages ASP Server before 4.0.3 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read password hashes and configuration data via direct requests for unspecified documents...

SUSE CVE-2013-4444

Unrestricted file upload vulnerability in Apache Tomcat 7.x before 7.0.40, in certain situations involving outdated java.io.File code and a custom JMX configuration, allows remote attackers to execute arbitrary code by uploading and accessing a JSP file...

CVE-2023-23856

In SAP BusinessObjects Business Intelligence Web Intelligence user interface - version 430, some calls return json with wrong content type in the header of the response. As a result, a custom application that calls directly the jsp of Web Intelligence DHTML may be vulnerable to XSS attacks. On...

CVE-2022-42971

A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists that could cause remote code execution when the attacker uploads a malicious JSP file. Affected Products: APC Easy UPS Online Monitoring Software Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to...

The vulnerability of the APC Easy UPS Online Monitoring Software lies in its ability to allow the loading of arbitrary files, which enables a intruder to execute arbitrary code.

The vulnerability of the APC Easy UPS Online Monitoring Software relates to the ability to load any arbitrary file. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by loading any JSP file remotely...

CVE-2022-36431

An arbitrary file upload vulnerability in Rocket TRUfusion Enterprise before 7.9.6.1 allows unauthenticated attackers to execute arbitrary code via a crafted JSP file. Issue fixed in version 7.9.6.1...

Expression Language Injection

Expression Language EL has been defined as part of the Java Server Pages Standard Tag Library JSTL in order to offer developers a simple way to output data from an object model. Starting from the JSP 2.0 specification, Expression Language has been made available within JSP pages, but it is also...

GHSA-QP5M-C3M9-8Q2P JSPUI vulnerable to path traversal in submission (resumable) upload

Impact The JSPUI resumable upload implementations in SubmissionController and FileUploadRequest are vulnerable to multiple path traversal attacks, allowing an attacker to create files/directories anywhere on the server writable by the Tomcat/DSpace user, by modifying some request parameters durin...

PT-2022-11757 · Unknown · Novel-Plus

Name of the Vulnerable Software and Affected Versions: novel-plus versions all Description: The issue concerns an unrestricted file upload in the /novel-admin/src/main/java/com/java2nb/common/controller/FileController.java file. This allows an attacker to upload malicious JSP files...

CVE-2020-26806

admin/file.do in ObjectPlanet Opinio before 7.15 allows Unrestricted File Upload of executable JSP files, resulting in remote code execution, because filePath can have directory traversal and fileContent can be valid JSP code...