
163 matches found

Cvelist
added 2022/05/31 9:41 p.m., 15 views

CVE-2022-29653

OFCMS v1.1.4 was discovered to contain a cross-site scripting XSS vulnerability via the component /admin/comn/service/update.json...

6.2 AI score, 0.00528 EPSS
Exploits 0, References 1
CVE
added 2022/05/31 9:41 p.m., 51 views

CVE-2022-29653

OFCMS v1.1.4 contains a cross-site scripting (XSS) vulnerability in the /admin/comn/service/update.json component. The root cause is lack of data validation/filtering on user-supplied data and output data, allowing injected JavaScript code to be executed in the context of the affected application...

6.1 CVSS, 6 AI score, 0.00528 EPSS
Exploits 0, References 1, Affected Software 1
NVD
added 2022/04/10 9:15 p.m., 7 views

CVE-2022-27961

A cross-site scripting XSS vulnerability at /ofcms/company-c-47 in OFCMS v1.1.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Comment text box...

5.4 CVSS, 0.00429 EPSS
Exploits 1, References 1
OSV
added 2022/04/10 9:15 p.m., 2 views

CVE-2022-27961

A cross-site scripting XSS vulnerability at /ofcms/company-c-47 in OFCMS v1.1.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Comment text box...

5.4 CVSS, 5.9 AI score, 0.00429 EPSS
Exploits 1, References 1
NVD
added 2022/04/10 9:15 p.m., 7 views

CVE-2022-27960

Insecure permissions configured in the userid parameter at SysUserController.java of OFCMS v1.1.4 allows attackers to access and arbitrarily modify users' personal information...

5.5 CVSS, 0.00459 EPSS
Exploits 1, References 1
OSV
added 2022/04/10 9:15 p.m., 3 views

CVE-2022-27960

Insecure permissions configured in the userid parameter at SysUserController.java of OFCMS v1.1.4 allows attackers to access and arbitrarily modify users' personal information...

5.4 CVSS, 5.8 AI score, 0.00459 EPSS
Exploits 1, References 1
ATTACKERKB
added 2022/04/10 9:15 p.m., 3 views

CVE-2022-27961

A cross-site scripting XSS vulnerability at /ofcms/company-c-47 in OFCMS v1.1.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Comment text box...

5.4 CVSS, 6.3 AI score, 0.00429 EPSS
Exploits 1, References 2
Prion
added 2022/04/10 9:15 p.m., 14 views

Design/Logic Flaw

Insecure permissions configured in the userid parameter at SysUserController.java of OFCMS v1.1.4 allows attackers to access and arbitrarily modify users' personal information...

5.5 CVSS, 5.5 AI score, 0.00459 EPSS
Exploits 1, References 1, Affected Software 1
Prion
added 2022/04/10 9:15 p.m., 20 views

Cross site scripting

A cross-site scripting XSS vulnerability at /ofcms/company-c-47 in OFCMS v1.1.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Comment text box...

3.5 CVSS, 5.3 AI score, 0.00429 EPSS
Exploits 1, References 1, Affected Software 1
Cvelist
added 2022/04/10 9:1 p.m., 14 views

CVE-2022-27961

A cross-site scripting XSS vulnerability at /ofcms/company-c-47 in OFCMS v1.1.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Comment text box...

5.5 AI score, 0.00429 EPSS
Exploits 1, References 1
CVE
added 2022/04/10 9:1 p.m., 78 views

CVE-2022-27961

CVE-2022-27961 : OFCMS v1.1.4 contains a cross-site scripting (XSS) vulnerability in the Comment text box at /ofcms/company-c-47. The issue arises from crafted payloads that allow execution of arbitrary web scripts/HTML. CVSS data in sources indicates a MEDIUM severity (CVSS 3.1: AV:N/AC:L/PR:L/U...

5.4 CVSS, 5.3 AI score, 0.00429 EPSS
Exploits 1, References 1, Affected Software 1
CVE
added 2022/04/10 9:1 p.m., 74 views

CVE-2022-27960

CVE-2022-27960 affects OFCMS v1.1.4. The issue stems from insecure permissions configured in the user_id parameter within SysUserController.java, enabling an attacker to access and arbitrarily modify users’ personal information. The Network vulnerability arises from insufficient access control on...

5.5 CVSS, 5.5 AI score, 0.00459 EPSS
Exploits 1, References 1, Affected Software 1
Cvelist
added 2022/04/10 9:1 p.m., 19 views

CVE-2022-27960

Insecure permissions configured in the userid parameter at SysUserController.java of OFCMS v1.1.4 allows attackers to access and arbitrarily modify users' personal information...

5.7 AI score, 0.00459 EPSS
Exploits 1, References 1
CNVD
added 2021/06/01 12:0 a.m., 3 views

Arbitrary file read vulnerability in the OFCMS v1.1.4 backend

OFCMS is a content management system developed based on Java technology. OFCMS v1.1.4 has an arbitrary file read vulnerability in the backend. The vulnerability stems from the program's failure to properly validate user data; remote attackers can use the vulnerability to read the...

7.3 AI score
Exploits 0
CNVD
added 2021/06/01 12:0 a.m., 2 views

Command Execution Vulnerability in OFCMS v1.1.4

OFCMS is a content management system developed based on Java technology. OFCMS v1.1.4 suffers from a command execution vulnerability that can be exploited by an attacker to gain control of the server...

7.5 AI score
Exploits 0
CNVD
added 2020/11/30 12:0 a.m., 3 views

XSS Vulnerability in OFCMS

OFCMS is a content management system (CMS) developed based on Java technology. OFCMS has an XSS vulnerability that can be exploited by attackers to obtain sensitive information such as user cookies...

5.8 AI score
Exploits 0
CNVD
added 2019/03/11 12:0 a.m., 1 views

OFCMS backend ueditor uploadScrawl file upload vulnerability

OFCMS is a content management system developed based on Java technology. There is a file upload vulnerability in the OFCMS backend ueditor uploadScrawl, which can be exploited by attackers to upload a webshell and gain server privileges, posing information leakage and operational security risks...

6.9 AI score
Exploits 0
CNVD
added 2019/03/08 12:0 a.m., 1 views

Directory Traversal Vulnerability in OFCMS Backend

OFCMS is a content management system developed based on Java technology. A directory traversal vulnerability exists in the backend of OFCMS, which can be exploited by an attacker to traverse the directory and obtain sensitive information...

6.8 AI score
Exploits 0
CNVD
added 2019/03/07 12:0 a.m., 2 views

OFCMS backend ueditor uploadFile file upload vulnerability

OFCMS is a content management system based on Java technology. A backend ueditor uploadFile file upload vulnerability exists in versions of OFCMS prior to 1.1.3. The vulnerability stems from the blocking of .jsp and .jspx files that fails to take into account file.jsp::$DATA of the...

8.8 CVSS, 7.6 AI score, 0.02749 EPSS
Exploits 1, References 1
Prion
added 2019/03/06 10:29 p.m., 11 views

Code injection

An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider for example file.jsp::$DATA to the admin/ueditor/uploadVideo URI...

6.5 CVSS, 7.4 AI score, 0.02708 EPSS
Exploits 1, References 1, Affected Software 1