163 matches found
CVE-2022-29653
OFCMS v1.1.4 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /admin/comn/service/update.json...
CVE-2022-29653
OFCMS v1.1.4 contains a cross-site scripting (XSS) vulnerability in the /admin/comn/service/update.json component. The root cause is lack of data validation/filtering on user-supplied data and output data, allowing injected JavaScript code to be executed in the context of the affected application...
CVE-2022-27961
A cross-site scripting (XSS) vulnerability at /ofcms/company-c-47 in OFCMS v1.1.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Comment text box...
CVE-2022-27960
Insecure permissions configured in the userid parameter at SysUserController.java of OFCMS v1.1.4 allow attackers to access and arbitrarily modify users' personal information...
Design/Logic Flaw
Insecure permissions configured in the userid parameter at SysUserController.java of OFCMS v1.1.4 allow attackers to access and arbitrarily modify users' personal information...
Cross site scripting
A cross-site scripting (XSS) vulnerability at /ofcms/company-c-47 in OFCMS v1.1.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Comment text box...
CVE-2022-27961
CVE-2022-27961 : OFCMS v1.1.4 contains a cross-site scripting (XSS) vulnerability in the Comment text box at /ofcms/company-c-47. The issue arises from crafted payloads that allow execution of arbitrary web scripts/HTML. CVSS data in sources indicates a MEDIUM severity (CVSS 3.1: AV:N/AC:L/PR:L/U...
CVE-2022-27960
CVE-2022-27960 affects OFCMS v1.1.4. The issue stems from insecure permissions configured in the user_id parameter within SysUserController.java, enabling an attacker to access and arbitrarily modify users’ personal information. The Network vulnerability arises from insufficient access control on...
Arbitrary file read vulnerability in the OFCMS v1.1.4 backend
OFCMS is a content management system built on Java. OFCMS v1.1.4 has an arbitrary file read vulnerability in its backend. The vulnerability stems from the program failing to properly validate user data; remote attackers can use the vulnerability to read the...
Command Execution Vulnerability in OFCMS v1.1.4
OFCMS is a content management system built on Java. OFCMS v1.1.4 suffers from a command execution vulnerability that can be exploited by an attacker to gain control of the server...
XSS Vulnerability in OFCMS
OFCMS is a content management system (CMS) built on Java. OFCMS has an XSS vulnerability that can be exploited by attackers to obtain sensitive information such as user cookies...
OFCMS backend ueditor uploadScrawl file upload vulnerability
OFCMS is a content management system built on Java. There is a file upload vulnerability in the OFCMS backend ueditor uploadScrawl, which can be exploited by attackers to upload a webshell and gain server privileges, posing information leakage and operational security risks...
Directory Traversal Vulnerability in OFCMS Backend
OFCMS is a content management system built on Java. A directory traversal vulnerability exists in the backend of OFCMS, which can be exploited by an attacker to traverse the directory and obtain sensitive information...
OFCMS backend ueditor uploadFile file upload vulnerability
OFCMS is a content management system based on Java technology. A backend ueditor uploadFile file upload vulnerability exists in versions of OFCMS prior to 1.1.3. The vulnerability stems from the blocking of .jsp and .jspx files that fails to take into account file.jsp::$DATA of the...
Code injection
An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider, for example, file.jsp::$DATA to the admin/ueditor/uploadVideo URI...