7 matches found
CVE-2022-29653
OFCMS v1.1.4 was discovered to contain a cross-site scripting XSS vulnerability via the component /admin/comn/service/update.json...
CVE-2022-27961
A cross-site scripting XSS vulnerability at /ofcms/company-c-47 in OFCMS v1.1.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Comment text box...
CVE-2022-27960
Insecure permissions configured in the userid parameter at SysUserController.java of OFCMS v1.1.4 allows attackers to access and arbitrarily modify users' personal information...
Design/Logic Flaw
Insecure permissions configured in the userid parameter at SysUserController.java of OFCMS v1.1.4 allows attackers to access and arbitrarily modify users' personal information...
Cross site scripting
A cross-site scripting XSS vulnerability at /ofcms/company-c-47 in OFCMS v1.1.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Comment text box...
CVE-2022-27961
CVE-2022-27961 : OFCMS v1.1.4 contains a cross-site scripting (XSS) vulnerability in the Comment text box at /ofcms/company-c-47. The issue arises from crafted payloads that allow execution of arbitrary web scripts/HTML. CVSS data in sources indicates a MEDIUM severity (CVSS 3.1: AV:N/AC:L/PR:L/U...
CVE-2022-27960
CVE-2022-27960 affects OFCMS v1.1.4. The issue stems from insecure permissions configured in the user_id parameter within SysUserController.java, enabling an attacker to access and arbitrarily modify users’ personal information. The Network vulnerability arises from insufficient access control on...