7 matches found

Cvelist
added 2022/05/31 9:41 p.m. (15 views)

CVE-2022-29653

OFCMS v1.1.4 was discovered to contain a cross-site scripting XSS vulnerability via the component /admin/comn/service/update.json...

6.2 AI score, 0.00528 EPSS
Exploits 0, References 1

NVD
added 2022/04/10 9:15 p.m. (7 views)

CVE-2022-27961

A cross-site scripting XSS vulnerability at /ofcms/company-c-47 in OFCMS v1.1.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Comment text box...

5.4 CVSS, 0.00429 EPSS
Exploits 1, References 1

NVD
added 2022/04/10 9:15 p.m. (9 views)

CVE-2022-27960

Insecure permissions configured in the userid parameter at SysUserController.java of OFCMS v1.1.4 allows attackers to access and arbitrarily modify users' personal information...

5.5 CVSS, 0.00459 EPSS
Exploits 1, References 1

Prion
added 2022/04/10 9:15 p.m. (14 views)

Design/Logic Flaw

Insecure permissions configured in the userid parameter at SysUserController.java of OFCMS v1.1.4 allows attackers to access and arbitrarily modify users' personal information...

5.5 CVSS, 5.5 AI score, 0.00459 EPSS
Exploits 1, References 1, Affected Software 1

Prion
added 2022/04/10 9:15 p.m. (20 views)

Cross site scripting

A cross-site scripting XSS vulnerability at /ofcms/company-c-47 in OFCMS v1.1.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Comment text box...

3.5 CVSS, 5.3 AI score, 0.00429 EPSS
Exploits 1, References 1, Affected Software 1

CVE
added 2022/04/10 9:1 p.m. (78 views)

CVE-2022-27961

CVE-2022-27961 : OFCMS v1.1.4 contains a cross-site scripting (XSS) vulnerability in the Comment text box at /ofcms/company-c-47. The issue arises from crafted payloads that allow execution of arbitrary web scripts/HTML. CVSS data in sources indicates a MEDIUM severity (CVSS 3.1: AV:N/AC:L/PR:L/U...

5.4 CVSS, 5.3 AI score, 0.00429 EPSS
Exploits 1, References 1, Affected Software 1

CVE
added 2022/04/10 9:1 p.m. (75 views)

CVE-2022-27960

CVE-2022-27960 affects OFCMS v1.1.4. The issue stems from insecure permissions configured in the user_id parameter within SysUserController.java, enabling an attacker to access and arbitrarily modify users’ personal information. The Network vulnerability arises from insufficient access control on...

5.5 CVSS, 5.5 AI score, 0.00459 EPSS
Exploits 1, References 1, Affected Software 1